All geek questions in one place

CORS Settings for IIS 7.5

Can someone help me, convert the following code for use in web.config in IIS 7.5 and where in the web.config file should I put every piece of code?

# Always set these headers. Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT" Header always set Access-Control-Max-Age "1000" Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token" # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request. RewriteEngine On RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L]
+6
source share
1 answer

If you ask for a solution to the CORS problem, you can follow this solution below.

NOTE. . Before adding all this, you should consider security issues.

  • Add this to your web.config file:

     <system.webServer> <httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="*" /> <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, HEAD, OPTIONS" /> <add name="Access-Control-Allow-Credentials" value="true"/> <add name="Access-Control-Allow-Headers" value="X-Requested-With, origin, content-type, accept" /> </customHeaders> </httpProtocol> </system.webServer>

  • If you have a Content-type parameter in your ajax call or you are making a PUT request. are considered PreFlight requests . Requests from the foreground OPTION before sending the main request (PUT, DELETE, etc.). You can add a method below to have your global.asax file successfully complete the OPTION process:

     protected void Application_BeginRequest() { if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS") { Response.Flush(); } }

For more information on Preflight queries, you can check here

For solution number 2 you can get detailed information from here

+17
source

Source: https://habr.com/ru/post/982403/

More articles:


All Articles