Versions Compared

Old Version 1

changes.mady.by.user Matt Walker

Saved on

compared with

New Version Current

changes.mady.by.user Matt Walker

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The IIS CORS module is configured via the <cors> element as part of the <system.webServer> section. The section can be configured at the server, site, or application level for instance by updating the D:\Astun\iShare\LIVE\WebApps\Web\web.config file. Notes on how to configure the module here: https://blogs.iis.net/iisteam/getting-started-with-the-iis-cors-module.

Configuration

Allow specific sites

This is the most likely scenario, and will allow you to add ol-ishare.services.astuntechnology.com and the domain(s) used by the customer site(s) like so.

Code Block
languagexml
  <system.webServer>
  .....
    <cors enabled="true">
      <add origin="https://ol-ishare.services.astuntechnology.com">
        <allowMethods>
            <add method="GET" />
            <add method="HEAD" />
        </allowMethods>
      </add>
      <add origin="https://*.example.gov.uk">
        <allowMethods>
            <add method="GET" />
            <add method="HEAD" />       
        </allowMethods>
      </add>
    </cors>
  .....
  </system.webServer>

Allow all sites

In this simplest example, the CORS module module will allow requests from all origins. Note that this will probably be flagged as a vulnerability by security audits.

Code Block
languagexml
  <system.webServer>
  .....
    <cors enabled="true">
      <add origin="*" />
    </cors>
  .....
  </system.webServer>

Testing

To test whether CORS has been enabled :

...