CORS and Internal Server Error responses


In ASP.NET WebApi2 if there is an internal server error, a 500 Response is sent <strong>without</strong> the Access-Control-Allow-Origin header, even when <a href="http://enable-cors.org/server_aspnet.html" rel="nofollow" title="CORS is enabled">CORS is enabled</a>.

This leads the browser to report a CORS error, not an internal server error.

I suppose a server in an erroneous state might not be able to report on the origins it will respond to so it seems to me like the browser should handle this exceptional case and report the internal error, rather than the CORS one.

A ) Is there a way to get the internal server error to show up in the browser as the reason my request failed?

B ) Should an issue be raised with the browser regarding this?


According to the CORS spec, the user agent (browser) should not reveal anything about the request if the response does not contain proper acknowledgement of the cross-origin request. So, the browsers are following the spec, and there is nothing more that can be done about this. If you want to programmatically reveal the underlying response status client-side, your server will need to properly acknowledge the cross-origin request by including the appropriate Access-Control-Allow header(s).


  • Laravel 4: fetching only models that have related models
  • DateTime.TryParse different results
  • Samsung Note layout issues
  • How can I add some Enum values to a combobox
  • MySQl, join/merge 2 tables without shared column and ordering by a common column
  • Pandas - 2 dataframes, add Index column of df1 to df2 on second column
  • Selecting TOP 4 records from multiple SQL Server tables. Using vb.net
  • Moving data between processes in Spartan 3
  • Adding new column to DataFrame with values dependent on index ref
  • Safari PHP form submission -file upload hangs
  • How to get google-services.json from Developer console?
  • How to check disabled jobs with Jenkins server?
  • Hibernate: Inheritance and relationship mapping + generics
  • How to protect an asp:textbox from user input?
  • AWS-SES: Handling Bounces for Invalid ISPs
  • Losing my session variables
  • Can I have a variable number of URI parameters or key-value pairs in Laravel 4?
  • How Get arguments value using inline assembly in C without Glibc?
  • what makes a request a new request in asp.net C#
  • How to make R's read_csv2() recognise the text characters properly
  • as3-flash: any way to access all the instances placed in different frames from document class?
  • Remove changes from one element when event occurs on another element?
  • Implementation of State Monad
  • System.InvalidCastException: Specified cast is not valid
  • Does it make sense to call System.gc() and Thread.sleep() when working on Bitmaps?
  • Caching attributes in superclass
  • How do I pass the string value parameter of the selected list item from an auto-populated dropdown l
  • Django rest serializer Breaks when data exists
  • Read a local file using javascript
  • How to rebase a series of branches?
  • What is Eclipse's Declaration View used for?
  • Azure Cloud Service Web Role web pages do not load
  • Apache 2.4 and php-fpm does not trigger apache http basic auth for php pages
  • Can Jackson SerializationFeature be overridden per field or class?
  • How to extract text from Word files using C#?
  • what is the difference between the asp.net mvc application and asp.net web application
  • How to make Safari send if-modified-since header?
  • How to pass list parameters for each object using Spring MVC?
  • Setting background image for body element in xhtml (for different monitors and resolutions)
  • JaxB to read class hierarchy