To make the scenario of integrating the recently added HTTP batching function with CORS work, following setting up is required.
'''
var config = GlobalConfiguration.Configuration;
config.Routes.MapHttpBatchRoute(
"batch",
"api/batch",
new DefaultHttpBatchHandler(GlobalConfiguration.DefaultServer));
config.EnableCors(new EnableCorsAttribute());
'''
The problem is the global Cors policy (or default cors policy provider) is required. It is because the batching endpoint doesn't have a real action related so action descriptor is null.
It limit user's choices when they want CORS + HTTP batching scenario but don't want to set a global cors policy. It also indicates that we can't configure CORS on route based HTTP message handler.
Comments: This is a bit trickier than it seems because with batching the CORS protection applies to the batch and not to the sub-requests within it. A developer is more likely to want to control the CORS settings on the actual controller actions and not on the batch itself.
'''
var config = GlobalConfiguration.Configuration;
config.Routes.MapHttpBatchRoute(
"batch",
"api/batch",
new DefaultHttpBatchHandler(GlobalConfiguration.DefaultServer));
config.EnableCors(new EnableCorsAttribute());
'''
The problem is the global Cors policy (or default cors policy provider) is required. It is because the batching endpoint doesn't have a real action related so action descriptor is null.
It limit user's choices when they want CORS + HTTP batching scenario but don't want to set a global cors policy. It also indicates that we can't configure CORS on route based HTTP message handler.
Comments: This is a bit trickier than it seems because with batching the CORS protection applies to the batch and not to the sub-requests within it. A developer is more likely to want to control the CORS settings on the actual controller actions and not on the batch itself.