Enable CORS Feature on IIS

visual-studio-asp-net

The CORS feature which is running on IIS is not an easy task since there are too many resources over the Internet on this and these resources are obsolete mostly.

After some painful hours, a found a way to make it work.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<httpProtocol>
</httpProtocol>
<security>
<requestFiltering>
<verbs>
<add verb="OPTIONS" allowed="true" />
<add verb="GET" allowed="true" />
<add verb="POST" allowed="true" />
<add verb="PUT" allowed="true" />
</verbs>
</requestFiltering>
</security>
</system.webServer>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath=".\MyApplication.exe" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="InProcess" />
</system.webServer>
</location>
</configuration>

The code above states that, OPTIONS, GET, POST and PUT methods are allowed while filtering requests. This code removes WebDAV, OptionsVerbHandler, TRACEVerbHandler, and ExtensionlessUrlHandler by default and adds aspNetCore specific handler.

Nowadays the best practices of founding a software business pass through Angular & React with a back-end infrastructure.

By default as a security measure, the Google Chrome forbids CORS means Cross-Origin Resource Sharing and you have to enable it by the server-side to make your SPA (Single Page App) send requests to backend properly.

The content above should be located in root level web.config.

With love,