ASP.NET - How to Redirect from HTTP to HTTPS and specific origin by Web.config [CORS policy issue]

Question

I do redirect users from Http to Https by below configuration

<rewrite>
  <rules>
    <rule name="HTTP_TO_HTTPS" enabled="true" stopProcessing="true">
      <match url="(.*)"/>
      <conditions logicalGrouping="MatchAny">
        <add input="{HTTPS}" pattern="^OFF$"/>
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false"/>
    </rule>
  </rules>
</rewrite>       

it works as expected. But here is a problem that it only redirects to Https but not excepted origin. I mean

http://www.example.com to https://www.example.com

http://example.com to https://example.com

The above situation cause, users have different origins that the Cross-origin resource sharing (CORS) policy problem.

I want to redirect all users to https://example.com in order to avoid conflicted origins.

Answer 1

You could use the rewrite module to remove the WWW part also

<rule name="Remove www" stopProcessing="true">
  <match url="(.*)" ignoreCase="true" />
  <conditions>
    <add input="{HTTP_HOST}" pattern="^www" />
  </conditions>
  <action type="Redirect" url="http://example.com/{R:0}" redirectType="Permanent" />
</rule>

Answer 2

By Adding Header Information in Web.config

Another fix we can do is that add some tags to our Web.config file.

<system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
          <add name="Access-Control-Allow-Headers" value="Content-Type" />
          <add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />
         <add name="Access-Control-Allow-Credentials" value="true" />
        </customHeaders>
      </httpProtocol>
  </system.webServer>