1

I'm having an issue allowing CORS requests on IIS v10 with an 2016 windows azure server. I downloaded and installed the IIS Cors module that is supposed to help take care of this, but I can't seem to get it to work. I keep getting a 405 method (OPTIONS) not allowed error. I was able to get it work with IIS 8.5.

After installing the IIS CORS Module, what configuration is needed? There doesn't seem to be much listed on their official documentation site. I've been trying all the typical web.config solutions but no matter what the header response has I seem to get this 405 error.

I did get this to work with IIS 8.5 so I'm unsure if I'm just missing a step in the process or if v10 has some issues with IIS CORS Module.

I've verified the rest api call does work when I put it into postman.

Sam Cogan
  • 38,158
  • 6
  • 77
  • 113
RTDev123
  • 131
  • 1
  • 1
  • 3

1 Answers1

2

I fixed the issue by adding the code below to the web.config of the site I was querying after installing IIS Cors Module.

<cors enabled="true">
    <add origin="*" >
        <allowHeaders allowAllRequestedHeaders="true" />
    </add>
</cors>

It's worth to say you must add this option to the web.config section.

Community
  • 1
RTDev123
  • 131
  • 1
  • 1
  • 3
  • where do you put this snippet in the web.config file? struggling with this. Also, where did you find this information. I've scoured microsoft and cannot find anything! really! they must hide it well – MC9000 May 27 '20 at 08:48
  • 1
    Never mind. It doesn't work at all. Response headers get to Chrome, Firefox, Opera, etc, but all 3 browsers ignore CORS completely! Bug in the CORS module, changes to CORS by Mozilla (no longer supporting headers from IIS), who knows. I would love to see a single WORKING example from MS from start to finish with comments. This should not be so absurdly difficult to do, yet it is. (the only solution is to not use any 3rd party ajax services!!!) Talk about Web 2.0 killer. CORS is a nightmare. – MC9000 May 27 '20 at 09:28