Access to XMLHttpRequest at website from origin has been blocked by CORS policy
Posted: April 15th, 2022, 4:00 pm
This problem occurs when a website attempts to access a resource like an API on a domain different from it's own and it's not allowed to do so by the Access-Control-Allow-Origin http header. This is shown in the CORS security error screenshot attached.
You can simply add the http header for the calling application but it only allows for a single value to be returned. A method to solve this is to use the URLRewrite module in IIS to parse out the calling application and return a valid Access-Control-Allow-Origin based on a whitelist that's controlled by regular expressions as shown in the Web.config URL Rewrite attachment.