Setting the allowed HTTP methods

We can also restrict the HTTP methods in CORS. This can be achieved by supplying a comma separated list of HTTP methods that are allowed to the [EnableCors] attribute's methods parameter as given in the following:

[EnableCors(origins: "http://localhost:53870", headers: "*", methods: "get,post")] public class ContactsController : ApiController { IEnumerable<Contact> contacts = new List<Contact> { new Contact { Id = 1, Name = "Steve", Email = "steve@gmail.com", Mobile = "+1(234)35434" }, new Contact { Id = 2, Name = "Matt", Email = "matt@gmail.com", Mobile = "+1(234)5654" }, new Contact { Id = 3, Name = "Mark", Email = "mark@gmail.com", Mobile = "+1(234)56789" } }; // GET: api/Contacts public IEnumerable<Contact> ...

Get ASP.NET Web API Security Essentials now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

ASP.NET Web API Security Essentials by Rajesh Gunasundaram

Setting the allowed HTTP methods

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly