Home > Mobile >  HttpClient post produces wrong headers and no body
HttpClient post produces wrong headers and no body

Time:04-20

I am trying to get data from my api using this code:

            _httpClient.DefaultRequestHeaders.Accept.Clear();
            _httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

            var content = new StringContent(JsonConvert.SerializeObject(parameters), UTF8Encoding.UTF8, "application/json");

            var response = await _httpClient.PostAsync(uri, content);

Unfortunately when I am trying to debug this request with Fiddler it produces this raw request.

OPTIONS https://localhost:7052/v1/users/login HTTP/1.1
Host: localhost:7052
Connection: keep-alive
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://localhost:7063
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Edg/100.0.1185.44
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://localhost:7063/
Accept-Encoding: gzip, deflate, br
Accept-Language: pl,en;q=0.9,en-GB;q=0.8,en-US;q=0.7

Proper should be:

POST https://localhost:7052/v1/users/login HTTP/1.1
Host: localhost:7052
Connection: keep-alive
Content-Length: 50
Pragma: no-cache
Cache-Control: no-cache
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"
accept: application/json
Content-Type: application/json
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 Edg/100.0.1185.44
sec-ch-ua-platform: "Windows"
Origin: https://localhost:7052
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://localhost:7052/swagger/index.html
Accept-Encoding: gzip, deflate, br
Accept-Language: pl,en;q=0.9,en-GB;q=0.8,en-US;q=0.7

{
  "username": "string",
  "password": "string"
}

I am struggling with this problem and maybe I am missing something obvious?

Edit: I had an misconfigured CORS. Thank you Panagiotis Kanavos for pointing me in the right direction.

In my minimal api project I had to configure CORS policy

builder.Services.AddCors(options => options.AddDefaultPolicy(builder =>
builder.AllowAnyOrigin()
       .AllowAnyHeader()
       .AllowAnyMethod()
));

before

app.UseCors(); 

CodePudding user response:

The Agent string suggests you're using Blazor and send a request to a site using CORS. The OPTIONS request is a CORS pre-flight request and is entirely normal. The browser is asking the server if it's OK to make a POST request.

If you use your browser's developer tools you'll see the POST request right after the OPTIONS request.

As the docs explain :

For some CORS requests, the browser sends an additional request, called a "preflight request", before it sends the actual request for the resource.

The browser can skip the preflight request if the following conditions are true:

  • The request method is GET, HEAD, or POST, and

  • The application does not set any request headers other than Accept, Accept-Language, Content-Language, Content-Type, or Last-Event-ID, and

  • The Content-Type header (if set) is one of the following:

    • application/x-www-form-urlencoded
    • multipart/form-data
    • text/plain

You're sending a JSON string so there's no way to avoid the preflight request.

In .NET 6 you can use PostAsJsonAsync and get rid of most of your code, but not the OPTIONS request.

Since .NET 6 is the current LTS version, you should migrate to it sooner or later. .NET 5 goes out of support in 3 weeks.

  • Related