This scenario effects WebApi-on-Owin's _Soft_ 404 Not Found responses.
In SelfHost/OwinHost, route matching normally happens at HttpRoutingDispatcher, but when CORS is enabled, we add a message handler where we do route matching for pre-flight requests. This message handler runs before the HttpRoutingDispatcher.
Currently CORS handler(or specifically AttributeBasedPolicyProviderFactory.cs) returns a 500 Internal Server Error. We need to modify it to return a 404 Not Found response.
AttributeBasedPolicyProviderFactory.cs:
```
private static HttpActionDescriptor SelectAction(HttpRequestMessage request)
{
HttpConfiguration config = request.GetConfiguration();
if (config == null)
{
throw new InvalidOperationException(SRResources.NoConfiguration);
}
IHttpRouteData routeData = request.GetRouteData();
if (routeData == null)
{
routeData = config.Routes.GetRouteData(request);
if (routeData == null)
{
throw new InvalidOperationException(SRResources.NoRouteData);
}
request.Properties[HttpPropertyKeys.HttpRouteDataKey] = routeData;
}
```
In SelfHost/OwinHost, route matching normally happens at HttpRoutingDispatcher, but when CORS is enabled, we add a message handler where we do route matching for pre-flight requests. This message handler runs before the HttpRoutingDispatcher.
Currently CORS handler(or specifically AttributeBasedPolicyProviderFactory.cs) returns a 500 Internal Server Error. We need to modify it to return a 404 Not Found response.
AttributeBasedPolicyProviderFactory.cs:
```
private static HttpActionDescriptor SelectAction(HttpRequestMessage request)
{
HttpConfiguration config = request.GetConfiguration();
if (config == null)
{
throw new InvalidOperationException(SRResources.NoConfiguration);
}
IHttpRouteData routeData = request.GetRouteData();
if (routeData == null)
{
routeData = config.Routes.GetRouteData(request);
if (routeData == null)
{
throw new InvalidOperationException(SRResources.NoRouteData);
}
request.Properties[HttpPropertyKeys.HttpRouteDataKey] = routeData;
}
```