In this chapter, we are going to discuss how to implement CORS on the Windows platform. The Windows platform includes IIS and ASP.NET Web API applications, as well as the Windows Communication Foundation.
We will learn about:
How to set the
Access-Control-Allow-Origin
header globally inweb.config
for Windows IIS ServerHow to install and use the
Microsoft ASP.NET Web API Cross-Origin Support
package, including:Setting CORS policies with the
EnableCorsAttribute
classDisabling CORS policies with the
DisableCors
attributeCreating dynamic CORS policies with the
Custom CORS Policy Attribute
classCreating dynamic CORS policies driven by logic with the custom CORS policy provider factory
How to use CORS in Windows Communication Foundation (WCF)
Note that Edge and Internet Explorer 10 fully support
XmlHttpRequest withCredentials
, IE 8 and 9 useXDomainRequest
instead ofXmlHttpRequest
, and IE 7 and lesser versions do not support CORS at all