I have a site running locally that is giving me the following error:
I have the local site set up in the web.config file but I do not know whare the '*' is coming from.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Static Files" stopProcessing="true">
<match url="^(.*)$" />
<conditions logicalGrouping="MatchAll">
<add input="{SCRIPT_NAME}" pattern="\.(bmp|gif|jpe?g|png|ico|css|js|txt|pdf|doc|docx|xls|xlsx|xml|cfc|cfm|html|flv|swf|woff|woff2|ttf|eot|svg|map|mpeg|mp4|avi|mov|wmv|zip)$" ignoreCase="true" />
</conditions>
<action type="None" />
</rule>
<rule name="Redirect to CF Server" stopProcessing="true">
<match url="^api/(.*)$" />
<action type="Rewrite" url="index.cfm/{R:1}" />
</rule>
</rules>
</rewrite>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="http://localhost:3000" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT" />
<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
This is a Vue site running and trying to reach a Coldfusion API running locally as well.
My issue is I do not know where IIS is getting the '*' from in the CORS request.
I have tried manipulating the web.config file and if I take the
<add name="Access-Control-Allow-Origin" value="http://localhost:3000" />
out of the web.config then I cannot access the the local API site.
