question

JoeGreen-2947 avatar image
0 Votes"
JoeGreen-2947 asked SamWu-MSFT commented

Allow CORS: Access-Control-Allow-Origin not working

I have IIS 8.5 running on Win 2012 R2 server. I installed CORS module from here https://www.iis.net/downloads/microsoft/iis-cors-module. Created a web.config file with this

 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
  <system.webServer>
     <cors enabled="true" failUnlistedOrigins="true">
         <add origin="*" />
     </cors>
    <httpProtocol>
      <customHeaders>
         <add name="Access-Control-Allow-Origin" value="*" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
 </configuration>

In IIS Manager, under HTTP Response Headers, I added Access-Control-Allow-Origin with a value of *.

Still I'm getting the CORS error - Access to XMLHttpRequest at 'https://google.com' from origin 'http://mysite.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

What am I doing wrong?

Joe





windows-server-iis
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@JoeGreen-2947 Are you getting the same error without cors enabled? Maybe you can also try adding the following configuration to the web.config file to enable cors.

 <system.webServer>
     <httpProtocol>
         <customHeaders>
             <add name="Access-Control-Allow-Origin" value="*" />
             <add name="Access-Control-Allow-Methods" value="GET,POST,OPTIONS" />
             <add name="Access-Control-Allow-Headers" value="Content-Type, soapaction" />
         </customHeaders>
     </httpProtocol>
 </system.webServer>
0 Votes 0 ·

0 Answers