1

I have issues when trying to Post data to my API using ServiceStack's JsonServiceClient.

I get the following error message in the console

Access to fetch at 'https://192.168.10.191:5001/json/reply/CreateEquipment' from origin 'http://192.168.10.191:5000' has been blocked by CORS policy: Request header field headers is not allowed by Access-Control-Allow-Headers in preflight response.

I have added 192.168.10.191:5000 to the Whitelist.

I can see in the network tab that it tries to access "https://192.168.10.191:5001/json/reply/CreateEquipment" but nothing is showing when I capture the traffic using fiddler.

I have attached an image of the headers. https://i.stack.imgur.com/hUfII.png

Atle Kristiansen
  • 707
  • 7
  • 28

1 Answers1

3

Your requesting a https resource at port 5001 but your origin white list returns a http resource on 5000, they need to match.

mythz
  • 141,670
  • 29
  • 246
  • 390
  • by that you mean that they both have to be HTTPS or HTTP? The API is running on HTTPS:5001 and the angular frontend is on HTTP:5000 – Atle Kristiansen Mar 17 '19 at 18:53
  • @AtleKristiansen it needs to match the origin of the request, atm it doesn’t. – mythz Mar 17 '19 at 18:58
  • So what you are saying is that the API cannot be a separate service? IE it should be on 5000 as well? – Atle Kristiansen Mar 17 '19 at 19:13
  • I have now moved the API to 192.168.10.191:5000/API. The cors message is not there anymore, now however the CreateEquipment request tries to access "https://192.168.10.191:5000/api/json/reply/CreateEquipment" which is autogenerated. The correct path is api/equipments, why is the dtos downloaded from the API incorrect? – Atle Kristiansen Mar 17 '19 at 19:29
  • https://192.168.10.191:5001 is the API where the requests are sent to. So do I need to add a field into the request header where I specify that it should be able? – Atle Kristiansen Mar 17 '19 at 19:31
  • @AtleKristiansen All Service Clients except for .NET uses the [pre-defined routes](https://docs.servicestack.net/routing#pre-defined-routes), you need to specify your [own custom routes](https://docs.servicestack.net/typescript-add-servicestack-reference#making-api-requests-with-urls) if you want to use different routes. – mythz Mar 17 '19 at 19:32
  • Where should I specify the route? The route is specified on the API, and I can post,delete, get from restlet without any issues. There are no examples (as I can see) that uses the post request. – Atle Kristiansen Mar 17 '19 at 19:37
  • @AtleKristiansen Refer to the [JsonServiceClient API](https://github.com/ServiceStack/servicestack-client/blob/master/src/index.d.ts#L276), some [examples in the project home page](https://github.com/ServiceStack/servicestack-client#calling-apis-with-custom-urls) and in the tests. But I don't know why you're not just using the pre-defined routes, you're opening yourself to human error if they ever get out of sync with the server. – mythz Mar 17 '19 at 19:41
  • Mostly because I didn't know that they existed. I will remove all my defined routes. – Atle Kristiansen Mar 17 '19 at 19:47
  • @AtleKristiansen you don’t have to remove them, you can make them available on both, custom routes are better for humans, pre-defined routes are always available and better for tooling/libraries as they can be predicted by client libraries. – mythz Mar 17 '19 at 19:50
  • Oh, I though I removed the predefined routes when defining my own. How to I enable the option to make the API to enable the predefined routes as well? – Atle Kristiansen Mar 17 '19 at 19:58
  • @AtleKristiansen The predefined routes are always enabled, that’s why client libraries know they can use them. – mythz Mar 17 '19 at 20:00
  • But I get 404 not found when trying to access the predefined routes. Alright, get back to me when you can. – Atle Kristiansen Mar 17 '19 at 20:02
  • @AtleKristiansen you shouldn’t be trying to use any routes, just the typed DTOs, if you’re getting a 404 then you might be using the wrong BaseUrl or something. You’d need to open a new question with the HTTP Request/Response headers. Please don’t link to the image, either paste the raw headers as text (preferred) otherwise embed the image if you need to, but don’t link to it like here. – mythz Mar 17 '19 at 20:07