Cross Domain, jQuery, jQuery AJAX


Cross-site HTTP requests are HTTP requests for resources from a different domain than the domain of the resource making the request. For instance, a resource loaded from Domain A (http://domaina.example) such as an HTML web page, makes a request for a resource on Domain B (, such as an image, using the img element ( This occurs very commonly on the web today — pages load a number of resources in a cross-site manner, including CSS stylesheets, images and scripts, and other resources.

As an example –
If my Server is in and my client (which is hosted at calls that Server with an AJAX GET , it will give an error for Cross Domain Issue .

If the Client and Server is in the same server but in different port , It will also give Cross Domain error . Only if Client and Server are in same Address , it will work nicely.

Suppose , My MVC WebAPI is hosted at and my client is in , It will throw the error .
We can fix this issue by Using Cross Origin Resource Sharing (CORS) in ASP.NET Web API Server .

For that , We can create a CORS handler and add that handler to GlobalCOnfiguration’s MessageHandler .
My Cors handler is something like this :

public class CorsHandler : DelegatingHandler
        const string Origin = "Origin";
        const string AccessControlRequestMethod = "Access-Control-Request-Method";
        const string AccessControlRequestHeaders = "Access-Control-Request-Headers";
        const string AccessControlAllowOrigin = "Access-Control-Allow-Origin";
        const string AccessControlAllowMethods = "Access-Control-Allow-Methods";
        const string AccessControlAllowHeaders = "Access-Control-Allow-Headers";

        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
            bool isCorsRequest = request.Headers.Contains(Origin);
            bool isPreflightRequest = request.Method == HttpMethod.Options;
            if (isCorsRequest)
                if (isPreflightRequest)
                    HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK);
                    response.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First());

                    string accessControlRequestMethod = request.Headers.GetValues(AccessControlRequestMethod).FirstOrDefault();
                    if (accessControlRequestMethod != null)
                        response.Headers.Add(AccessControlAllowMethods, accessControlRequestMethod);

                    string requestedHeaders = string.Join(", ", request.Headers.GetValues(AccessControlRequestHeaders));
                    if (!string.IsNullOrEmpty(requestedHeaders))
                        response.Headers.Add(AccessControlAllowHeaders, requestedHeaders);

                    TaskCompletionSource<HttpResponseMessage> tcs = new TaskCompletionSource<HttpResponseMessage>();
                    return tcs.Task;
                    return base.SendAsync(request, cancellationToken).ContinueWith<HttpResponseMessage>(t =>
                        HttpResponseMessage resp = t.Result;
                        resp.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First());
                        return resp;
                return base.SendAsync(request, cancellationToken);

Now Add that to Global.asax.cs like below :

GlobalConfiguration.Configuration.MessageHandlers.Add(new CorsHandler());

Now our Server is ready to handle any Cross Domain Client’s Call .

Cheers 🙂


Leave a Reply

Your email address will not be published. Required fields are marked *