Enabling CORS
for Nancy API and other API's(WEbAPI)
for Nancy API and other API's(WEbAPI)
Here I am going to describe about:
1. What is CORS and it's use?
2. Where it is implemented?
Finally... How it is Implemented?
1. What is CORS and it's use?
It’s a mechanism that allows resources such as fonts, Java scripts, etc. to be requested from another domain outside the domain from which the resource originated.
Still unclear?
Going in a simpler and clear manner - The above description meant to say that...
If you have a web page containing Java Scripts, J query, etc. in one Domain let us consider this domain as D1.
And we have a second Domain naming it as D2 containing a Rest API(Considering Nancy Framework in our case) we have URL's from this Domain for particular CRUD operation which may be called on our previous domain D1.
"Cross-domain" AJAX requests are forbidden by default from our Domain D1 because of their ability to perform advanced requests (POST, PUT, DELETE and other types of HTTP request along with specifying custom HTTP headers) that introduce many cross-site scripting security issues.
CORS defines a way in which a browser and server can interact to safely determine whether or not to allow the cross-origin request (i.e. D2 can call from D1 domain). It allows for more freedom and functionality than purely same-origin requests, but is more secure than simply allowing all cross-origin requests.
It seems you are now bit clear about what is CORS.
2. Where it is Implemented?
Here, we present two scenarios that illustrate how Cross-Origin Resource Sharing works, and how to allow CORS in NancyFx and Microsoft WebAPI
Enabling CORS in Nancy API
Here we are considering Nancy Framework as the API
So it’s implemented in D2 domain i.e. API you’re querying to support it, which is called in D1 domain for cross platform resource sharing.
Enabling CORS in WebApi
First, add the CORS NuGet package. In Visual Studio, from the Tools menu, select Library Package Manager, then select Package Manager Console. In the Package Manager Console window, type the following command:
Open the file App_Start/WebApiConfig.cs. Add the following code to the WebApiConfig.Register method.
For the origins parameter, use the URI where you deployed the WebClient application. This allows cross-origin requests from WebClient, while still disallowing all other cross-domain requests.
Scope Rules for [EnableCors]
You can enable CORS per action, per controller, or globally for all Web API controllers in your application. If you set the attribute at more than one scope, the order of precedence is: Action, Controller and then Global.
Per Action
To enable CORS for a single action, set the [EnableCors] attribute on the action method. The following example enables CORS for the GetStudents method only.
Per Controller
If you set [EnableCors] on the controller class, it applies to all the actions on the controller. To disable CORS for an action, add the [DisableCors] attribute to the action. The following example enables CORS for every method except PutStudents.
Globally
To enable CORS for all Web API controllers in your application, pass an EnableCorsAttribute instance to theEnableCors method:
That is all I have got for nancy from my Sessions 1 and 2. If you still come across any issues or challenges you are free to comment or get in touch with me through my Networking Ids mentioned.