I follow something similar to these steps to add CORs to IIS 10 and after about 10 minutes, the response header is removed and CORs stops working.
Open Internet Information Service (IIS) Manager.
Right click the site you want to enable CORS for and go to Properties.
Change to the HTTP Headers tab.
In the Custom HTTP headers section, click Add.
Enter Access-Control-Allow-Origin as the header name.
Enter * as the header value.
Click Ok twice.
Then I go back to Visual Studio and publish my project. Why are my CORs response headers being removed and how do I make them stay?
Thanks to a strong hint from S. Walker, I went onto the server, modified the response header as desired and then looked at the web.config file.
It had added:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
</system.webServer>
So I copied that into my project web.config file and published. Now it doesn't disappear and CORs continues to work. Seems obvious now.
Related
I have a nodejs backend, site served through iis7 via reverse proxy as per this website: https://alex.domenici.net/archive/deploying-a-node-js-application-on-windows-iis-using-a-reverse-proxy. In the node app i have a middleware layer to all get requests to cache content, like so
res.set('Cache-control', public, max-age=${period})
When running on my local machine i'm checking the headers via google developer tools and it does look like caching is working properly. When I move it to production, i can't seem get it to work. On IIS i've configured the HTTP Response Headers to expire after 10 days. My web.config looks like so (again per the link above)
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="10.00:00:00"/>
</staticContent>
</system.webServer> </configuration>
Tried various things without success. The only possible lead i have at this point is from this thread
https://social.msdn.microsoft.com/Forums/vstudio/en-US/981bf691-ed6e-460a-9e99-af24fc8bfc0e/nodejsweb-apps-output-cache-not-working-for-node-web-app?forum=opensourcedevwithazure
but i have no idea how to make the suggested change in the web.config file. A couple of notes, im currently just running my node app in the command prompt like so: node app.js, not as node bin/www as suggested in the link (having some odd issues). Also, the site is still very much in development so on ssl. Read that chrome might have some issues with it, but the problem is present in all browser tested (chrome, firefox, etc...)
I've created an HTTPS server using IIS Manager (Windows 10). Now, I want this server to support CORS requests.
I've read some information. For example,
this link says that I have to create a file web.config in the directory. Unfortunately, it didn't work out.
This link says that I should edit some config files, but I don't find them on my machine.
I had a similar issue recently. Most tutorial/documentation only suggests adding custom headers in the configuration. But this does not tell IIS to handle the CORS Pre-flight request by itself.
To do so, you must install the CORS Module in IIS and add some configuration in the web.config file, as explained here: IIS CORS module Configuration Reference
I recently used this to Reverse Proxy to a REST API and handling the CORS only in IIS so that I don't have to rebuild my project to change CORS settings.
Try to add this into :
<system.webServer>
<modules>
<remove name="WebDAVModule" />
</modules>
</system.webServer>
I'm using IIS 7 and I've got a site setup with an additional HTTP response header (X-UA-Compatible header).
I'm deploying an MVC4 project remotely to IIS using the Publish feature in Visual Studio 2010, which uses Web Deploy.
Problem is, every time I publish the site, the HTTP response header gets removed from the config in IIS - is there some way I can prevent this?
I figured it out - when you set headers at the site level in IIS 7, it alters the web.config file. I needed to add a customHeaders element in the web.config file that is deployed:
<system.webServer>
...
<httpProtocol>
<customHeaders>
<add name="X-UA-Compatible" value="IE=edge" />
</customHeaders>
</httpProtocol>
...
</system.webServer>
I am preparing to demo Lightswitch to a group of about 100 software developers in a couple weeks and
have run into a snag.
I have a VS2012 solution with two projects:
Lightswitch - simple data model and ApplicationData.svc
Web - contains a web page that attempts to communicate with the ApplicationData.svc using JQuery Ajax
My problem is when I try to run the solution and execute the AJAX command, I get the following error:
XMLHttpRequest cannot load http://localhost:37650/ApplicationData.svc/MyEntities. Origin
http://localhost:53408 is not allowed by Access-Control-Allow-Origin.
After googling around for a while, I found this advice, which looked promising:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
</system.webServer>
But it did not resolve the issue. Any ideas?
Thanks!
You may need to add:
headers: { "If-Match": " *" }
see:
A Full CRUD DataJs and KnockoutJs LightSwitch Example Using Only An .Html Page
http://lightswitchhelpwebsite.com/Blog/tabid/61/EntryId/128/A-Full-CRUD-DataJs-and-KnockoutJs-LightSwitch-Example-Using-Only-An-Html-Page.aspx
I solved the same problem with this:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Max-Age" value="3600" />
<add name="Access-Control-Allow-Headers" value="Content-Type, Accept, MaxDataServiceVersion" />
<add name="Access-Control-Allow-Methods" value="PUT, POST, GET, DELETE, MERGE, OPTIONS" />
</customHeaders>
</httpProtocol>
I've been running into the same issue, only mine is that I am creating a HTML5 JQuery Mobile application that is NOT a web application. The app is JQuery based app that I am going to run through PhoneGap. My issue is that when I make the calls from the mobile app, I get the same cross domain issues.
What browser are you using to test? I am doing Chrome and I get the issue because of the initial Options request (see http://www.w3.org/TR/cors/ ). I've tried a bunch of possible solutions, like updating config files and so on, but to no avail.
My next kick at the cat will be to intercept the initial Options request by creating an IHttpHandler that I can apply as an attribute to the WCF service I am using (did I mention that I created custom WCF services within the Server project in the LightSwitch solution?).
I'll keep you posted...
Paul
Trying to cache a large js file on the client browser. When I check firefox's cache information, it shows the js to expire on 12/31/1969. I'm using IIS6 and have tried adding the following code to the web.config:
<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="30.00:00:00" />
</staticContent>
Still the same. How can I get the browser to cache this file?
In IIS, right click on your Site node and click Properties. Go to the HTTP Headers tab, tick Enable content expiration and set an expiry time.
You may have to configure that in IIS, I'm not sure that IIS6 honors that web.config setting like IIS7 does.