Skip to content

Instantly share code, notes, and snippets.

@gon250

gon250/web.config

Created August 6, 2015 10:36
Show Gist options
  • Save gon250/9aa6075c3662254073af to your computer and use it in GitHub Desktop.
Save gon250/9aa6075c3662254073af to your computer and use it in GitHub Desktop.
Download ZIP
Enable cors domain in the web.config
Raw
web.config
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
@heberfomin
Copy link

Hi there.
I have an Angular Application in one site trying to send http to another server in other site. I tryed this web.config above, on api's side, but didn't work. I'am not sure what happens, I receive the error: "Failed to load https://api.nameofsite.com/system/api/auth/login: Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response."

If I add this on web.config:

  <system.webServer>	
  	**<cors enabled="true">
            <add origin="*" />
        </cors>**	
	 <httpProtocol>

and to change access-control-allow-headers to:
<add name="Access-Control-Allow-Headers" value="*" />

and remove the line:
<add name="Access-Control-Allow-Origin" value="*" />

Start to work in dev environment (accessing by localhost:4200).

But, if I try to use in production (ng build) also served on IIS. I Receive this error:
POST https://api.nameofsite.com/system/api/auth/login 500

Looking inside request header, the parameters is empty. Something removed the header.

Request {#42
  #json: ParameterBag {#24
    #parameters: []
  }

Have you another suggestion of web.config to fix it?

POST https://api.nameofsite.com/system/api/auth/login 500

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment