How to implement "Access-Control-Allow-Origin" header in asp.net
Solution 1
From enable-cors.org:
CORS on ASP.NET
If you don't have access to configure IIS, you can still add the header through ASP.NET by adding the following line to your source pages:
Response.AppendHeader("Access-Control-Allow-Origin", "*");
See also: Configuring IIS6 / IIS7
Solution 2
Another option is to add it on the web.config directly:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="http://www.yourSite.com" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS"/>
<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
</customHeaders>
</httpProtocol>
... I found this in here
Solution 3
1.Install-Package Microsoft.AspNet.WebApi.Cors
2 . Add this code in WebApiConfig.cs.
public static void Register(HttpConfiguration config)
{
// Web API configuration and services
// Web API routes
config.EnableCors();
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
3. Add this
using System.Web.Http.Cors;
4. Add this code in Api Controller (HomeController.cs)
[EnableCors(origins: "*", headers: "*", methods: "*")]
public class HomeController : ApiController
{
[HttpGet]
[Route("api/Home/test")]
public string test()
{
return "";
}
}
Solution 4
You would need an HTTP module that looked at the requested resource and if it was a css or js, it would tack on the Access-Control-Allow-Origin header with the requestors URL, unless you want it wide open with '*'.
Solution 5
Configuring the CORS response headers on the server wasn't really an option. You should configure a proxy in client side.
Sample to Angular - So, I created a proxy.conf.json file to act as a proxy server. Below is my proxy.conf.json file:
{
"/api": {
"target": "http://localhost:49389",
"secure": true,
"pathRewrite": {
"^/api": "/api"
},
"changeOrigin": true
}
}
Put the file in the same directory the package.json then I modified the start command in the package.json file like below
"start": "ng serve --proxy-config proxy.conf.json"
now, the http call from the app component is as follows:
return this.http.get('/api/customers').map((res: Response) => res.json());
Lastly to run use npm start or ng serve --proxy-config proxy.conf.json
Related videos on Youtube
Nitin Sawant
Hi there 👋 ⚡ My name is Nitin. I am a web developer. 👯 I now help startups, businesses and entrepreneurs build their own apps. I am professional and handle everything from helping you 'spec-out' the app to performing the QA, and making sure that it's launched and hosted on a server. I am totally communicative and I have references available upon request. 💬 Send me an email to schedule a free consultation. [email protected]
Updated on June 01, 2020Comments
-
Nitin Sawant about 4 years
Is it possible to implement "Access-Control-Allow-Origin" header in asp.net
-
Nitin Sawant almost 13 years+1 Thanks, But I need to add this header only for resource files e.g. css & js files
-
Nitin Sawant almost 13 yearsI have some js files which are frequently updated and i want to use them on other domain, but they wont work coz cross domain policy
-
Nitin Sawant almost 13 yearsAnyways I'll add this to whole site
-
LaundroMatt almost 12 yearsHow do you add it to the resource files?
-
Nitin Sawant over 7 yearsthis code allows CORS on specific action method and not a js file
-
mma over 6 yearsAt me, in the current version of c#, the accepted syntax was Response.Headers.Add("Access-Control-Allow-Origin", "*");
-
MC9000 about 5 yearsIs there a reason setting the value to a URL instead of a * doesn't work with json calls?