DEVHIDE
Login Or Sign up

Can not catch HttpMethod: OPTIONS on a http request

917 Views Asked by At

I'm writing an ActionFilterAttribute where I check userId route/query parameters and compare it against the subject of a jwt token. I noticed that my Action Filter gets triggered twice. In chrome I can see that an OPTIONS request is sent to the server and in my debug console output I can see the call with the correct http method:

Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 OPTIONS http://localhost:5000/api/v1/users/33417
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:5000/api/v1/users/33417 application/json

But when it hits my Action Filter, Http Method is always set as GET so I can not make my filter return on an OPTIONS call.

Here is a basic OnActionExecutionAsync override method:

    public override Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
    {
        Debug.WriteLine("URL CALL: " + context.HttpContext.Request.GetDisplayUrl());
        Debug.WriteLine("HTTP METHOD: " + context.HttpContext.Request.Method);
        if (HttpMethods.IsOptions(context.HttpContext.Request.Method))
        {
            Debug.WriteLine("HTTP METHOD: OPTIONS");
            return base.OnActionExecutionAsync(context, next);
        }
        // Other Code ....
    }

The debug log:

URL CALL: http://localhost:5000/api/v1/users/33417
HTTP METHOD: GET 
URL CALL: http://localhost:5000/api/v1/users/33417 
HTTP METHOD: GET

Another interesting point is that if I request OPTIONS from Postman tool my API returns this error message:

{
    "error": {
        "code": "UnsupportedApiVersion",
        "message": "The HTTP resource that matches the request URI 'http://localhost:5000/api/v1/users/33417' with API version '1' does not support HTTP method 'OPTIONS'.",
        "innerError": null
    }
}

Here is my Cors Configuration in Startup:

services.AddCors(options => options.AddPolicy(_constants.CorsPolicy,
                builder => builder.AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowAnyHeader()
                    .AllowCredentials()
                    .Build()));

Is there any way I can catch the OPTIONS http method in my Action Filter?

c# asp.net-web-api asp.net-core .net-core actionfilterattribute
Original Q&A
1

There are 1 best solutions below

4
On

Since you have CORS setup on the app, it responds to the OPTIONS pre-flight request before MVC. That request never gets to MVC, so your filter cannot see it. What your filter sees is the GET request that comes after the OPTIONS request.

app.UseCors(); //Sees OPTIONS request, sets response and returns

app.UseMvc();

Related Questions in C#

Related Questions in ASP.NET-WEB-API

Related Questions in ASP.NET-CORE

Related Questions in .NET-CORE

Related Questions in ACTIONFILTERATTRIBUTE

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.