
I am trying to solve a CORS problem. We have an endpoint that supplies HTML to two different domains. Most things I have read seem to say that you can either add a single domain to allow access, or use a wildcard. I don't want to use a wildcard, so can I just add

<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="first.domain.net,second.domain.net" />
  </customHeaders>
</httpProtocol>

under the system.webServer section in my web.config?

will
  • If you want to support multiple domains, you need to do it in code and pay attention to the request's Origin header. If it's one of your allowed domains, you send that back as the ACAO header; if it isn't, then you don't. You won't be able to do this with configuration. –  Nov 01 '19 at 18:34

1 Answer


No, only a single Origin may be specified, see MDN's documentation of the header.

gabriel.hayes
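The approach from the comment on the question (compare the request's Origin header with an allowlist and echo it back only on a match), written as an ASP.NET `IHttpModule`. This is an added example, not code from the question or the answer; the class name `CorsAllowlistModule` and the `https://` scheme on the two origins are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

// Added example: sends Access-Control-Allow-Origin with exactly one origin,
// chosen per request from an allowlist.
public sealed class CorsAllowlistModule : IHttpModule
{
    // Assumption: an Origin value includes the scheme (and a non-default port);
    // the question lists host names only, so https:// is assumed here.
    private static readonly HashSet<string> AllowedOrigins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "https://first.domain.net",
            "https://second.domain.net"
        };

    public void Init(HttpApplication app)
    {
        app.BeginRequest += (sender, e) =>
        {
            HttpContext ctx = ((HttpApplication)sender).Context;
            Apply(ctx.Request.Headers["Origin"], ctx.Response);
        };
    }

    // Returns the origin to echo back, or null when no header should be sent.
    // Whole-string match only: a suffix or substring test would also accept
    // look-alike hosts such as https://first.domain.net.example.
    internal static string ResolveAllowedOrigin(string origin)
    {
        if (string.IsNullOrEmpty(origin)) return null;
        return AllowedOrigins.Contains(origin) ? origin : null;
    }

    private static void Apply(string origin, HttpResponse response)
    {
        // The response now depends on Origin, so caches must key on it.
        response.AppendHeader("Vary", "Origin");

        string allowed = ResolveAllowedOrigin(origin);
        if (allowed != null)
            response.AppendHeader("Access-Control-Allow-Origin", allowed);
    }

    public void Dispose() { }
}
```

Register the module under `system.webServer/modules` and remove the static `Access-Control-Allow-Origin` entry from `customHeaders`, otherwise the response carries the header twice.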