I am working with the final version of ASP.NET Web API to implement a JavaScript-friendly API. Per various tutorials, I have enabled CORS in my web.config:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
</customHeaders>
</httpProtocol>
</system.webServer>
With the above, cross-domain GET and POST requests work fine, but PUT and DELETE requests both fail.
In Chrome:
Method PUT is not allowed by Access-Control-Allow-Methods.
Method DELETE is not allowed by Access-Control-Allow-Methods.
Is there something additional required to get PUT and DELETE verbs working cross-domain?
It looks like adding another custom header sorted it out:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
</system.webServer>