0

I have some custom headers in system.webServer/httpProtocol/customHeaders section in web.config and they are properly returned in a response from live servers.

Recently we installed the same app on a different server with same IIS/.NET configuration and for some reason these web.config defined headers are ignored and not returned in response.

Any idea what could be wrong?

Dejan Stojanović
  • 119
  • 2
  • 9
  • What have you analyzed? – Lex Li Mar 15 '18 at 14:15
  • I have compared IIS version on both machines which is the same, compared machine.config on both machine which are both the same. Web.config file are of course the same since it is the same app. Any idea for anything else I should check? – Dejan Stojanović Mar 16 '18 at 18:38

1 Answers1

0

Finally I found the problem. I added location element to the config in %WINDIR%\System32\inetsrv\config\applicationHost.config with the headers I needed and headers start appearing in the response

<configuration>
...
<location path="MyWebsite">  
    <system.webServer>  
        <httpProtocol>
          <customHeaders>
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Headers" value="Content-Type" />
            <add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,HEAD,OPTIONS" />
            <add name="Access-Control-Expose-Headers" value="*" />
            <add name="Access-Control-Request-Headers" value="*" />
            <add name="Access-Control-Request-Method" value="GET,PUT,POST,DELETE,HEAD,OPTIONS" />
            <add name="X-Frame-Options" value="DENY" />
          </customHeaders>
        </httpProtocol>
    </system.webServer>  
</location>
...
</configuration>
Dejan Stojanović
  • 119
  • 2
  • 9