Why Am I Getting a 405 Method Not Allowed Response When Enabling CORS on IIS7?

Enabling Cross-Origin Resource Sharing (CORS) on IIS7

Enabling CORS on IIS7 can be a daunting task, especially if you encounter unexpected behavior such as the 405 response before the 200 response. This article aims to shed light on this issue and provide effective solutions.

Addressing the 405 Response

The 405 Method Not Allowed response can occur when IIS7 intercepts the HTTP OPTIONS request instead of your application. To resolve this:

1. Navigate to the Handler Mappings section in IIS7.
2. Locate the "OPTIONSVerbHandler" entry.
3. Change the "ProtocolSupportModule" setting to "IsapiHandler."
4. Set the executable to "%windir%Microsoft.NETFrameworkv4.0.30319aspnet_isapi.dll."

Alternative Solution: Handling OPTIONS Verb in BeginRequest

If the above steps do not resolve the issue, you can handle the HTTP OPTIONS verb in your BeginRequest method as follows:

protected void Application_BeginRequest(object sender, EventArgs e)
{
    HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");

    if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
    {
        // Pre-flight OPTIONS call
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
        HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");
        HttpContext.Current.Response.End();
    }
}

The above is the detailed content of Why Am I Getting a 405 Method Not Allowed Response When Enabling CORS on IIS7?. For more information, please follow other related articles on the PHP Chinese website!