Created
May 26, 2013 16:58
-
-
Save jalalhejazi/5653347 to your computer and use it in GitHub Desktop.
CORS: Web.config to enable CORS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8"?> | |
| <configuration> | |
| <system.webServer> | |
| <httpProtocol> | |
| <customHeaders> | |
| <add name="Access-Control-Allow-Origin" value="*"/> | |
| <add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS"/> | |
| <add name="Access-Control-Allow-Headers" value="Content-Type"/> | |
| </customHeaders> | |
| </httpProtocol> | |
| </system.webServer> | |
| </configuration> |
I did the same but my OPTION call fails with 405.
Response header
access-control-allow-headers: Content-Type,Authorization,Cache-Control,Pragma, content-type Access-Control-Allow-Methods: GET, PUT, POST, DELETE, HEAD, OPTIONS access-control-allow-origin: * allow: GET, PATCH content-length: 0 date: Wed, 18 Sep 2019 08:11:09 GMT request-context: appId=cid-v1:46d7928d-c15f-4a2f-bded-4035f2eaba1f server: Kestrel status: 405 x-powered-by: ASP.NET x-sourcefiles: =?UTF-8?B?QzpcVXNlcnNcZndhXHNvdXJjZVxyZXBvc1xBdGVhLlNlY3VyaXR5LlVzZXIuU2VydmljZXNcQXRlYS5TZWN1cml0eS5Vc2VyLlNlcnZpY2VzXHVzZXJzXGJXOXlZV3RoYkd4bA==?=
What am i doing wrong?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This saved me a lot of heartache so thank you! Needed to allow 'Authorization' headers for a vendor-supplied API that I can now call from cross-domain websites (on the corporate network). I adapted your code slightly to suit my needs:
<add name="Access-Control-Allow-Headers" value="Content-Type,Authorization"/>Thanks again