Can't rewrite Access_Control_Allow_Origin

Question

I have one site that works like a cdn for my other sites.

I have added following to Web.config

<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
    <add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS,PUT,DELETE" />
    <add name="Arr-Disable-Session-Affinity" value="True" />
  </customHeaders>
</httpProtocol>

<rewrite>
  <outboundRules>
    <clear />
    <rule name="AddCrossDomainHeader">
      <match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
      <conditions logicalGrouping="MatchAll" trackAllCaptures="true">
        <add input="{HTTP_ORIGIN}" pattern="(http(s)?://((.+\.)?[a-zA-Z0-9-]*\.ap\.dk|(.+\.)?localhost\:[0-9]*))" />
      </conditions>
      <action type="Rewrite" value="{C:0}" />
    </rule>
  </outboundRules>
</rewrite>

I was inspired by answer #2 in here Access-control-allow-origin with multiple domains

But the rewrite of Access_Control_Allow_Origin does only work on localhost. On live site, it is not rewritten and then I get an error like this:

Failed to load https://aptestlogin.ap.dk//Widgets/Footer.html: The 'Access-Control-Allow-Origin' header has a value 'https://aptestproject.ap.dk' that is not equal to the supplied origin. Origin 'https://aptestcompany.ap.dk' is therefore not allowed access

In order to load this 'Footer.html' I'll have to clear cache in my brower, and repeat this if I open a another site that calls for this.

Is IIS works on live directly or via proxy lake a nginx? – Interreto Dec 09 '17 at 23:15 — Interreto, Dec 09 '17 at 23:15

Interreto · Answer 1 · 2017-12-09T23:06:22.087

0

Try check regex pattern. Maybe forward slashes is unescaped // or something else.

https?:\/\/((.+\.)?[a-zA-Z0-9-]*\.ap\.dk|(.+\.)?localhost(\:[0-9]*)?)

edited Dec 09 '17 at 23:06

answered Dec 09 '17 at 22:58

Interreto

122
1
3

score 0 · Answer 2 · answered Dec 11 '17 at 06:48

0

https://enable-cors.org/server_aspnet.html

Above will provide a solution for your matter.

answered Dec 11 '17 at 06:48

Nisal Waduge

3
3

sonertbnc · Answer 3 · 2017-12-11T07:30:01.703

0

Can you try like this

Install-Package Microsoft.AspNet.WebApi.Cors

Open the file App_Start/WebApiConfig.cs.

public static void Register(HttpConfiguration config)
        {

            config.EnableCors(); //add this


        }

edited Dec 11 '17 at 07:30

answered Dec 11 '17 at 07:17

sonertbnc

1,580
16
26

score 0 · Answer 4 · answered Dec 11 '17 at 12:50

0

Change

<match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />

to

<match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern="*" />

answered Dec 11 '17 at 12:50

A. STEFANI

6,707
1
23
48

score 0 · Answer 5 · answered Dec 11 '17 at 14:05

If you are working in Visual Studio install the Microsoft.AspNet.WebApi.Cors from the package manager or Nuget package manager if you have.

Open the file App_Start/WebApiConfig.cs. Add the following code to the WebApiConfig.Register method.

using System.Web.Http;
namespace WebService
{
  public static class WebApiConfig
 {
    public static void Register(HttpConfiguration config)
    {
        // New code
        config.EnableCors();

        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );
    }
  }
}

This enable the cors to the whole application if you want to know more about this CROSS ORIGIN RESOURCE SHARING(CORS) refer over here https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api or search in Youtube you'll get a lot of videos for it.

Can't rewrite Access_Control_Allow_Origin

5 Answers5