I have a Web API where I restricted access to your methods through EnableCors
, indicating the URL I want to give permission, as follows:
namespace WebService.Controllers
{
[EnableCors(origins: "http://myapp.net", headers: "*", methods: "*")]
public HttpResponseMessage GetItem(int id) { ... }
}
That way, if I try to access my controller from an application other than the url " link " the lock happens as expected.
However, when I try to access the direct api, just by pasting and accessing the url of my my api "www.minhaapi.com./GetItem/2", the blocking does not happen.
I would like to know how best to allow access to my api only from a x domain?