Cross site access in IIS

Note: This post was written a while back but sat in draft. I’ve published this now, but I’m not sure it’s relevant to the latest versions etc. so please bear this in mind.

How do we handle CORS (cross site) access within IIS, i.e. how to we allow/enable it?

We simply need to create a web.config file in the root of our web application, here’s an example

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <defaultDocument>
      <files>
        <clear />
        <add value="data.json" />
      </files>
    </defaultDocument>
    <staticContent>
      <mimeMap fileExtension=".json" mimeType="text/json" />
    </staticContent>
    <httpProtocol>
      <customHeaders>
       	<add name="Access-Control-Allow-Origin" value="http://localhost:3000" />
      	<add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, HEAD, OPTIONS" />
      	<add name="Access-Control-Allow-Credentials" value="true"/>
      	<add name="Access-Control-Allow-Headers" value="X-Requested-With, origin, content-type, accept" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>

Here, within the customHeaders section we explicitly allow origin of localhost (this value could be set to *).

My Memory

Outsourcing my memory and thoughts (and other ramblings) to the web

Cross site access in IIS