Good day! Not the first day I struggle with the task, I can not understand the reason.

I want to create an almost HelloWorld solution for exchanging information between the client and the server using Angular (different resource addresses).

The server part, the standard function (as ValuesController) for the GET and POST methods, the controller requires authorization.

The client part, the registration and authorization page and the data retrieval page (GET method) and the data upload page (POST method).

In the server configuration indicated permission to connect:

<httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="http://localhost:16174" /> <add name="Access-Control-Allow-Headers" value="Content-Type, authorization, Accept, X-Requested-With" /> <add name="Access-Control-Allow-Methods" value="GET, POST" /> </customHeaders> </httpProtocol>

The method for GET looks easier nowhere:

 [HttpGet] public IEnumerable<string> Get() { return new string[] { "GET1", "GET2" }; }

and for POST:

 [HttpPost] public IEnumerable<string> Post() { return new string[] { "POST_Param1", "POST_Param2" }; }

The controller has an Authorize attribute.

Client part:

 var serverAddress = "serverAddr"; var app = angular.module('appHello'); app.controller("controllerHello", [ "$scope", "$http", function ($scope, $http) { var token = sessionStorage.getItem(tokenKey); $http({ method: 'GET', url: serverAddress + '/api/EmployeeAPI', headers: { 'authorization': 'bearer ' + token } }).then(function(response) { $scope.cash = response.data; }, function(response) { console.error("Connect error"); }); } ]);

Query result:

Request:

OPTIONS / api / EmployeeAPI HTTP / 1.1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: GET
User-Agent: Mozilla / 5.0 (Windows NT 6.2; Win64; x64) AppleWebKit / 537.36 (KHTML, like Gecko) Chrome / 55.0.2883.35 Safari / 537.36
Access-Control-Request-Headers: authorization
Accept: /
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: ru-RU, ru; q = 0.8, en-US; q = 0.6, en; q = 0.4

Response:

HTTP / 1.1 405 Method Not Allowed
Cache-Control: no-cache
Pragma: no-cache
Allow: GET
Content-Type: application / json; charset = utf-8
Expires: -1
Server: Microsoft-IIS / 8.0
X-AspNet-Version: 4.0.30319
X-SourceFiles: =? UTF-8? B? QzpcU2l0ZXNcVGVzdFxUZXN0U2RcU291cmNlXFNlcnZlclxhcGlcRW1wbG95ZWVBUEk =? =
X-Powered-By: ASP.NET
Access-Control-Allow-Headers: Content-Type, authorization, Accept, X-Requested-With
Access-Control-Allow-Methods: GET, POST
Date: Wed, 09 Nov 2016 18:59:34 GMT
Content-Length: 108

Server response:

 {"Message":"Запрошенный ресурс не поддерживает HTTP-метод "OPTIONS"."}

The problem is that I can’t understand why a cross-domain OPTIONS request is sent and in both cases it's GET that POST and not GET or POST. If you do not connect your own headers (authorization to transfer a token), then the request correctly leaves.

What am I doing wrong, what's the problem?

Webkit Webkit

    0