Access to XMLHttpRequest at website from origin has been blocked by CORS policy

This forum allows users to post and respond to "How Do I Do ....." questions. The information contained in this forum has not been validated by K-Rise Systems and, as such, K-Rise Systems cannot guarantee the accuracy of the information.
Matthew.Minchuk
Posts: 4
Joined: December 13th, 2021, 11:43 am
Contact:

Access to XMLHttpRequest at website from origin has been blocked by CORS policy

Unread post by Matthew.Minchuk »

This problem occurs when a website attempts to access a resource like an API on a domain different from it's own and it's not allowed to do so by the Access-Control-Allow-Origin http header. This is shown in the CORS security error screenshot attached.
CORS security error.png
You can simply add the http header for the calling application but it only allows for a single value to be returned. A method to solve this is to use the URLRewrite module in IIS to parse out the calling application and return a valid Access-Control-Allow-Origin based on a whitelist that's controlled by regular expressions as shown in the Web.config URL Rewrite attachment.
Web.config URL Rewrite.png
Attachments
web.config.txt
(6.89 KiB) Downloaded 74 times
web.config.txt
(6.89 KiB) Downloaded 74 times
word count: 116

Tags:
Post Reply