How to Enable Cross-Origin Resource Sharing (CORS) on IIS7: A Step-by-Step Guide-JS Tutorial-php.cn

Home

Web Front-end

JS Tutorial

How to Enable Cross-Origin Resource Sharing (CORS) on IIS7: A Step-by-Step Guide

Oct 27, 2024 am 02:07 AM

How to Enable Cross-Origin Resource Sharing (CORS) on IIS7: A Step-by-Step Guide

Enabling Cross-Origin Resource Sharing on IIS7: A Comprehensive Guide

Introduction

Cross-Origin Resource Sharing (CORS) allows resources from one domain to be fetched and utilized by applications from a different origin. To enable CORS on IIS7, follow these steps:

Configuration

Add Custom Headers:

Navigate to the web.config file for the hosting domain.
Add the following custom headers within the <httpProtocol> section:

&lt;customHeaders&gt;
  &lt;add name=&quot;Access-Control-Allow-Origin&quot; value=&quot;*&quot; /&gt;
  &lt;add name=&quot;Access-Control-Allow-Methods&quot; value=&quot;GET,PUT,POST,DELETE,OPTIONS&quot; /&gt;
  &lt;add name=&quot;Access-Control-Allow-Headers&quot; value=&quot;Content-Type&quot; /&gt;
&lt;/customHeaders&gt;

Copy after login

Troubleshooting

Despite the configuration, if you still receive a 405 response, it may be due to IIS7's handling of HTTP OPTIONS.

Option 1: Modify IIS7 Handler Mappings

Open IIS Manager.
Navigate to Handler Mappings.
Locate "OPTIONSVerbHandler."
Change "ProtocolSupportModule" to "IsapiHandler."

Set the executable to:

%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll

Copy after login

Option 2: Handle OPTIONS Verb in Code

Override the BeginRequest method in your application code:

protected void Application_BeginRequest(object sender,EventArgs e)
{
    HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");

    if(HttpContext.Current.Request.HttpMethod == "OPTIONS")
    {
        // Handle pre-flight OPTIONS call from browser
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
        HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000" );
        HttpContext.Current.Response.End();
    }
}

Copy after login

Conclusion

Enabling CORS on IIS7 requires both configuration updates and potential troubleshooting. By following the steps outlined above, you can empower cross-origin interactions with confidence.

The above is the detailed content of How to Enable Cross-Origin Resource Sharing (CORS) on IIS7: A Step-by-Step Guide. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn