...
The IIS CORS module is configured via the <cors> element as part of the <system.webServer> section. The section can be configured at the server, site, or application level for instance by updating the D:\Astun\iShare\LIVE\WebApps\Web\web.config
file. Notes on how to configure the module here: https://blogs.iis.net/iisteam/getting-started-with-the-iis-cors-module.
Configuration
Allow specific sites
This is the most likely scenario, and will allow you to add ol-ishare.services.astuntechnology.com
and the domain(s) used by the customer site(s) like so.
Code Block | ||
---|---|---|
| ||
<system.webServer> ..... <cors enabled="true"> <add origin="https://ol-ishare.services.astuntechnology.com"> <allowMethods> <add method="GET" /> <add method="HEAD" /> </allowMethods> </add> <add origin="https://*.example.gov.uk"> <allowMethods> <add method="GET" /> <add method="HEAD" /> </allowMethods> </add> </cors> ..... </system.webServer> |
Allow all sites
In this simplest example, the CORS module module will allow requests from all origins. Note that this will probably be flagged as a vulnerability by security audits.
Code Block | ||
---|---|---|
| ||
<system.webServer> ..... <cors enabled="true"> <add origin="*" /> </cors> ..... </system.webServer> |
Testing
To test whether CORS has been enabled :
...