Since the request itself was successful and it was the browser disallowing completion of the request, I knew it was CORS related, pointing to the headers being passed. I included the basic authorization token within custom headers in the ajax call, so instead of using any “header” field, I tried setting an “authorization” field within the ajax call. With no headers, the request was successful. (I probably don’t know what I’m talking about here)
I added this line to the web.config file:
<add key="CorsOrigins" value="*" />
I set these headers in HTTP Response Headers on IIS:
Access-Control-Allow-Methods = *
Access-Control-Request-Headers = OPTIONS, GET, POST, PUT, DELETE
Here is the jQuery Ajax call:
var settings = {
"xhrFields":{withCredentials:true},
"async": true,
"method": "GET",
"url": url,
"authorization": "Basic {your token here}",
"Content-Type": "text/plain",
error: function(msg){
$('#error').text(JSON.stringify(msg));
}
}
$('#restCaller').click(function(){
$.ajax(settings).done(function (response) {
console.log(response);
$('#callResponse').text(response);
});
});
I get I haven’t made the most sensible choices here, but this is how I got it working.