0

I created an asp.net mvc website which, among other uses, exposes some json to the public. Now I received the request to add the

"Access-Control-Allow-Origin"

header to allow an external XMLHttpRequest to fulfill it's work.

I added on the web-config:

<system.webServer>
<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="http://www.kkk.com"/>
  </customHeaders>
</httpProtocol>
</system.webServer>

But it doesn't show up when I verify on firebug or websniffer. During the debug on IIS express it works like a charm.

I'm using VS2013, mvc updated to the last nuget package.

The site is hosted under another website as application, using .net 4 dynamic app pool. (so it is http://api.example.com/io/controlleraction)

Shog9
  • 156,901
  • 35
  • 231
  • 235
Valerio
  • 3,297
  • 3
  • 27
  • 44
  • `During the debug on IIS express it works like a charm.` what do you mean by that if Firebug doesn't catch it? – jgauffin May 05 '14 at 10:37
  • The Access-Control-Allow-Origin doesn't show up when published on the production server. If I check with firebug during debug on IIS Express, I receive full headers (even with mvc junk). Same check on production server under IIS 7.5 (Win2008R2), just the regular headers, with no Access-Control-Allow-Origin. – Valerio May 05 '14 at 10:50
  • thanks @jgauffin but I tried everithing on that post with no luck – Valerio May 05 '14 at 13:47
  • I don't know why, but if I put it on HTTPS it works... – Valerio May 05 '14 at 14:56

0 Answers0