Enabling Cross-Origin Resource Sharing on Iis7

enabling cross-origin resource sharing on IIS7

It is likely a case of IIS 7 'handling' the HTTP OPTIONS response instead of your application specifying it. To determine this, in IIS7,

1. Go to your site's Handler Mappings.

2. Scroll down to 'OPTIONSVerbHandler'.

3. Change the 'ProtocolSupportModule' to 'IsapiHandler'

4. Set the executable:
   %windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll

Now, your config entries above should kick in when an HTTP OPTIONS verb is sent.

Alternatively you can respond to the HTTP OPTIONS verb in your BeginRequest method.

    protected void Application_BeginRequest(object sender,EventArgs e)
    {
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");

        if(HttpContext.Current.Request.HttpMethod == "OPTIONS")
        {
            //These headers are handling the "pre-flight" OPTIONS call sent by the browser
            HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
            HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
            HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000" );
            HttpContext.Current.Response.End();
        }

    }

Access-Control-Allow-Origin is in IIS, but not working

Make sure the Ajax URL is correct.

In the original code posted, the URL of my Ajax request is looking at localhost instead of the FQDN of the machine hosting the service. That was the problem. Of course the Ajax request will not work if the service is not hosted at the URL. I was so distracted by the error message that I missed the obvious and easy solution.

How to add an Access-Control-Allow-Origin header in IIS7 with restrictions

Have you tried to put a web.config in the desired subfolder only? Have a look at "ASP.NET Configuration File Hierarchy and Inheritance".

Enabling CORS on IIS for only Font files

You can install the IIS rewrite Module https://www.microsoft.com/en-us/download/details.aspx?id=7435 . After installing the module, restart your IIS Manager and click on your website under the “Sites” node. If you see the URL Rewrite Module symbol (shown below) in the window on the right under IIS section, then you are ready to go:

Then on your Web.config, you need to add the following rule:

<rewrite>
 <rules>
  <rule name="Add Cross Origin Access">
    <match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
    <conditions>
      <add input="{REQUEST_URI}" pattern="^[^\?]+\.(ttf|otf|eot|woff|woff2|svg)(\?.*)?$" />
    </conditions>
    <action type="Rewrite" value="*"/>
  </rule>
 </rules>
</rewrite>

CORS, IIS7 and PHP - Access-Control-Allow-Origin error

Based upon comments it looks like you're missing the Access-Control-Allow-Origin header when an OPTIONS request is submitted. According to this article it should be a simple case of adding the following code to your PHP page...

<?php
header('Access-Control-Allow-Origin: *');
?>

If that still doesn't work then you should check the IIS handler mapping for PHP (see here) and make sure that OPTIONS is an allowed verb. Hopefully that does the job!

This article also indicates that you could skip modifying the PHP at all and simply add the following to your web.config:

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
      <add name="Access-Control-Allow-Headers" value="*" />
      <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />
      <add name="Access-Control-Max-Age" value="1000" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

Be aware that this will open up the entire site rather than just one page...

---

Related Topics