Menu
Is there anyway to allow multiple cross-domains using Access-Control-Allow-Origin in the web.config file?
Currently I am using * to allow multiple domains at once.
<add name="Access-Control-Allow-Origin" value="*" />
But I don't want to use * because it's open for all domains and I only want to allow some specific domains.
So,there anyway to allow multiple cross-domains using the Access-Control-Allow-Origin in web.config file?
I found some related posts:
I already tried to get the request header to validate the request origin (As suggested in post 1) but was unsuccessful. Because I am using an iframe element, when I try to get the request header, it provides the origin (domain) of the iframe. But here I want the original (parent window) origin (domain).
882
For IIS 7.5+ you can use IIS CORS Module: https://www.iis.net/downloads/microsoft/iis-cors-module
Your web.config should be something like this replacing [origin_#] for your domains:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<cors enabled="true" failUnlistedOrigins="true">
<add origin="[origin_1]">
<allowMethods>
<add method="GET" />
<add method="HEAD" />
<add method="POST" />
<add method="PUT" />
<add method="DELETE" />
</allowMethods>
</add>
<add origin="[origin_2]">
<allowMethods>
<add method="GET" />
<add method="HEAD" />
<add method="POST" />
<add method="PUT" />
<add method="DELETE" />
</allowMethods>
</add>
</cors>
</system.webServer>
</configuration>
You can find the configuration reference in here: https://learn.microsoft.com/en-us/iis/extensions/cors-module/cors-module-configuration-reference
70
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
