Ohjay44 Ohjay44 - 1 month ago 16
AngularJS Question

CORS issue with C# Servicestack and NodeJS

I am having an issue with CORS through Servicestack C# API. I have an angularjs application that is being served up through a nodejs back-end running on a Microsoft Server. NodeJS serves up the angular project just fine and node itself has no issue contacting the Servicestack service that I have running on a different domain but on the same server. The issue comes when I need to make a Microsft Active Directory call to get the current active user. In order to correctly make this call I have to call the Servicestack service from my angularjs project. When I make that call I get

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://domain1:8080' is therefore not allowed access
I have other projects that I can make this same call from just fine but for some reason I can't seem to make this one work.

Angularjs call (http://domain1:8080):

$http.get("http://domain2/dochelper/GetActiveAccount?format=json", { headers: { "siteprefix": prefix } })
.then(function successCallback(resp) {
}, function errorCallback(resp) {


Servicestack request:

public class GetActiveAccount
public string Id { get; set; }

public AccountDTO Get(GetActiveAccount request)
AccountDTO obj = new AccountDTO();

var ses = this.GetSession() as AuthUserSession;

return obj;

Servicestack CORS config:

Plugins.Add(new CorsFeature(allowOriginWhitelist: new[] { "http://winexpresstest:8080" },
allowedMethods: "GET, POST, PUT, DELETE, OPTIONS",
allowedHeaders: "Content-Type, Authorization, Session-Id, ViewPort-Width, ViewPort-PixelRatio, Accept-Ranges, Pragma, Cache-Control, If-Modified-Since, Access-Control-Allow-Origin, siteprefix",
allowCredentials: true));

Plugins.Add(new AuthFeature(() => new AuthUserSession(), new ServiceStack.Auth.IAuthProvider[] {
new AspNetWindowsAuthProvider(this) {
LoadUserAuthFilter = LoadUserAuthInfo,
AllowAllWindowsAuthUsers = true



You'll want to specify the origins in the white list to have the domain explicitly listed in the Access-Control-Allow-Origin HTTP Response header, e.g:

Plugins.Add(new CorsFeature(allowOriginWhitelist: new [] { "http://domain1:8080" },
    allowedMethods: "GET, POST, PUT, DELETE, OPTIONS",
    allowCredentials: false));