1
Vote

MaxDataServiceVersion is not allowed by Access-Control-Allow-Headers.

description

When using against WCF/OData v3 I get "Request header field MaxDataServiceVersion is not allowed by Access-Control-Allow-Headers."

comments

ATrigo wrote May 30, 2012 at 11:09 PM

Hi, could you please provide a short repro of the issue. A network trace of the request would be helpful also.

kurtomatic wrote Jul 3, 2012 at 8:58 PM

I have the same issue with WCF Data Service 5. I am using <customHeaders> tags in my hosting ASP web.config for XDR, and I was able to work around this issue by adding the indicated header to the Access-Control-Allow-Headers header:

<system.webServer>
...
<httpProtocol>
<customHeaders>
  <add name="Access-Control-Allow-Origin" value="*" />
  <add name="Access-Control-Max-Age" value="3600" />
  <add name="Access-Control-Allow-Headers" value="Content-Type, Accept, MaxDataServiceVersion" />
  <add name="Access-Control-Allow-Methods" value="PUT, POST, GET, DELETE, MERGE, OPTIONS" />
</customHeaders>
</httpProtocol>
</system.webServer>

wrote Feb 22, 2013 at 1:20 AM

nblackMSFT wrote Dec 12, 2013 at 7:46 PM

He is trying to do a CORS request. I saw this too. In CORS, you cannot add custom headers unless the server allows you to send them - but datajs always send them and has no way to not send this custom header - even with your own httpClient, which breaks all CORS scenarios unless you can change that server side code to allow those headers.

hemantsathe wrote Mar 19, 2015 at 1:23 PM

Hi,
I tried allowing these options on server side in CORS. Unfortunately the OPTIONS query says that these headers are allowed but the GET query returns 404 error.