Enable CORS in IIS 8.5 application [Answered]RSS

4 replies

Last post May 16, 2019 04:46 PM by DoctorYSG

  • Enable CORS in IIS 8.5 application

    May 13, 2019 06:41 PM|DoctorYSG|LINK

    We have a ERP application (Epicor) which provides a REST interface sitting inside of an II 8.5 (win server 2012R2).

    No problem doing POST/GET etc using Insomina (a desktop program similar to PostMan)

    In IIS we have enabled only Anonymous Authentication.

    However, the below request is getting a 401 Error and is blocking because of CORS (even though it has 'Access-Control-Allow-Origin':'*', )

    We are using Chrome V74

    ```
    const fetcher = (async () => {
    const url = 'https://epicorapp2.draper.com/ERP10.1Test/api/v1/Erp.BO.JobEntrySvc/GetNextJobNum'
    const raw = fetch(url, {
    method: 'POST',
    mode: 'cors',
    headers: {
    'Accept': 'application/json',
    'Authorization': 'Basic xxxxxxx=',
    'Access-Control-Allow-Origin':'*',
    'Content-Type': 'application/json'
    },
    body: JSON.stringify({})
    })
    console.log(raw)
    const nJob = await raw.json()
    console.log(nJob)
    return nJob
    })
    ```

    Here is the error:
    ```
    VM1115:1 OPTIONS https://epicorapp2.draper.com/ERP10.1Test/api/v1/Erp.BO.JobEntrySvc/GetNextJobNum 401 (Forbidden)

    dispatchInteractiveEvent @ Main.7485fc72.js:8458
    Main.html:1 Access to fetch at 'https://epicorapp2.draper.com/ERP10.1Test/api/v1/Erp.BO.JobEntrySvc/GetNextJobNum' from origin 'http://localhost' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
    ```

    What settings should we be using on IIS to allow the CORS request to go through?

  • Re: Enable CORS in IIS 8.5 application

    May 14, 2019 02:39 AM|Jalpa Panchal|LINK

    Hi DoctorYSG,

    Did You install cors module extension in iis? if not then you could install by web platform installer or by downloading from this link.

    You could also refer below article for more detail:

    IIS CORS module Configuration Reference

    Regards,

    Jalpa

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
  • Re: Enable CORS in IIS 8.5 application

    May 15, 2019 07:51 PM|DoctorYSG|LINK

    We got I.T. to add the cors module, and I updated the the <system.webServer> section of the web.config but I am still getting an CORS error. Can you tell me what is wrong here?

        <httpProtocol>
         	<customHeaders>
           		<add name="Access-Control-Allow-Origin" value="*" />
         	</customHeaders>
        </httpProtocol>
        <cors enabled="true" failUnlistedOrigins="false">
        </cors>
     </system.webServer>



    This is the error:

    `Access to fetch at 'https://epicorapp2.draper.com/ERP10.1Test/api/v1/Erp.BO.JobEntrySvc/GetNextJobNum' from origin 'http://ysg4206.draper.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.`



  • Re: Enable CORS in IIS 8.5 application

    May 16, 2019 07:56 AM|Jalpa Panchal|LINK

    Hi,

    You could use below setting:

    <system.webServer>
        <httpProtocol>
          <customHeaders>
            <add name="Access-Control-Allow-Origin" value="http://my-external-app-domain.com" />
            <add name="Access-Control-Allow-Credentials" value="true" />
            <add name="Access-Control-Request-Headers" value="User-Agent,Content-Type,Authorization,X-RequestDigest,X-ClientService-ClientTag" />
            <add name="Access-Control-Request-Method" value="GET,POST,HEAD,OPTIONS" />
          </customHeaders>
        </httpProtocol>

    For more detail you could follow:

    https://blogs.iis.net/iisteam/getting-started-with-the-iis-cors-module

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
  • Re: Enable CORS in IIS 8.5 application

    May 16, 2019 04:46 PM|DoctorYSG|LINK

    Great resource and great answer. I am going to check it. 


    But in our case, we the answer was not to install the cors module or this code. It is a .NET app pool client that we need to reach, and it has a application key that needed to be set:

    appSettings value: <add key="CorsOrigins" value="*" />