Is it possible to implement "Access-Control-Allow-Origin" header in asp.net
5 Answers
From enable-cors.org:
CORS on ASP.NET
If you don't have access to configure IIS, you can still add the header through ASP.NET by adding the following line to your source pages:
    Response.AppendHeader("Access-Control-Allow-Origin", "*");

+1 Thanks, but I need to add this header only for resource files, e.g. css & js files – Nitin Sawant Jun 29 '11 at 06:47
I have some js files which are frequently updated and I want to use them on another domain, but they won't work because of the cross-domain policy – Nitin Sawant Jun 29 '11 at 06:53
Anyway, I'll add this to the whole site – Nitin Sawant Jun 29 '11 at 06:54
How do you add it to the resource files? – LaundroMatt Jul 15 '12 at 17:20
For me, in the current version of C#, the accepted syntax was Response.Headers.Add("Access-Control-Allow-Origin", "*"); – mma Mar 22 '18 at 09:45

Another option is to add it on the web.config directly:
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <add name="Access-Control-Allow-Origin" value="http://www.yourSite.com" />
                <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
                <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
            </customHeaders>
        </httpProtocol>
        ...
    </system.webServer>

I found this in here

Is there a reason setting the value to a URL instead of a * doesn't work with json calls? – MC9000 May 28 '19 at 07:51

1. Install-Package Microsoft.AspNet.WebApi.Cors
2. Add this code in WebApiConfig.cs.

    public static void Register(HttpConfiguration config)
    {
        // Web API configuration and services
        // Web API routes
        config.EnableCors();
        config.MapHttpAttributeRoutes();
        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );
    }

3. Add this

    using System.Web.Http.Cors;

4. Add this code in Api Controller (HomeController.cs)

    [EnableCors(origins: "*", headers: "*", methods: "*")]
    public class HomeController : ApiController
    {
        [HttpGet]
        [Route("api/Home/test")]
        public string test()
        {
            return "";
        }
    }

This code allows CORS on a specific action method and not a js file – Nitin Sawant Dec 17 '16 at 04:47

You would need an HTTP module that looked at the requested resource and if it was a css or js, it would tack on the Access-Control-Allow-Origin header with the requestor's URL, unless you want it wide open with '*'.

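One way to write the HTTP module described in the answer above (an added example, not code from the original answer): it sets Access-Control-Allow-Origin only for .js and .css requests and echoes the request's Origin only when it exactly matches an allowlist. The class name StaticAssetCorsModule and the example.com origins are assumptions, and it assumes the IIS integrated pipeline with the module registered under system.webServer/modules so that static files pass through it.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

// Added example; StaticAssetCorsModule is a hypothetical name.
public class StaticAssetCorsModule : IHttpModule
{
    // Assumption: the sites allowed to load these assets (placeholder values).
    private static readonly HashSet<string> AllowedOrigins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "https://www.example.com",
            "https://app.example.com"
        };

    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
    }

    private static bool IsStaticAsset(string path)
    {
        return path.EndsWith(".js", StringComparison.OrdinalIgnoreCase)
            || path.EndsWith(".css", StringComparison.OrdinalIgnoreCase);
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;

        // Pages, handlers and API routes are left without any CORS header.
        if (!IsStaticAsset(ctx.Request.FilePath)) return;

        // The response now differs per Origin, so shared caches must key on it;
        // otherwise a copy cached for one site is served to another.
        ctx.Response.AppendHeader("Vary", "Origin");

        // Exact match only: no substring or suffix checks. An origin that is not
        // listed gets no header, and the browser refuses the cross-origin read.
        string origin = ctx.Request.Headers["Origin"];
        if (!string.IsNullOrEmpty(origin) && AllowedOrigins.Contains(origin))
        {
            ctx.Response.AppendHeader("Access-Control-Allow-Origin", origin);
        }
    }

    public void Dispose() { }
}
```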
Configuring the CORS response headers on the server wasn't really an option. You should configure a proxy on the client side.
Sample for Angular: I created a proxy.conf.json file to act as a proxy server. Below is my proxy.conf.json file:

    {
      "/api": {
        "target": "http://localhost:49389",
        "secure": true,
        "pathRewrite": {
          "^/api": "/api"
        },
        "changeOrigin": true
      }
    }

Put the file in the same directory as package.json, then I modified the start command in the package.json file like below:

    "start": "ng serve --proxy-config proxy.conf.json"

Now, the HTTP call from the app component is as follows:

    return this.http.get('/api/customers').map((res: Response) => res.json());

Lastly, to run, use npm start or ng serve --proxy-config proxy.conf.json
