CORS support for PUT and DELETE with ASP.NET Web API

It looks like adding another custom header sorted it out:

<system.webServer>
 <httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Headers" value="Content-Type" />
    <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
  </customHeaders>
 </httpProtocol>
</system.webServer>

Very simple solution to overcome CORS Issue in WEBAPI2.2.

Add the following in you WebApi Config File.

var cors = new EnableCorsAttribute("*", "*", "*");
Config.EnableCors(cors);

Before adding this make sure you remove the custom header in the Web.config file.

    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Credentials" value="true" />
    <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept, X-Token" />
    <add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />

If you have both customheader as well the CORS enabled in WebApiconfig, you will face the cors error.

Add the cors enabled in WebApi config will solve the issue.


Also, in addition to Nathan answer, make sure you disabled WebDAV IIS module and set runAllManagedModulesForAllRequests="true" setting in the web.config:

<system.webServer>
  <modules runAllManagedModulesForAllRequests="true">
    <remove name="WebDAVModule"/>
  </modules>
  <handlers>
    <remove name="WebDAV" />
  </handlers>
</system.webServer>

Without this, preflight CORS requests (which are used for PUT, DELETE methods and send additional OPTIONS request) will not work.