Monday, December 11, 2017

Can't rewrite Access_Control_Allow_Origin

By Hường Hana 6:00 AM , , Leave a Comment

I have one site that works like a cdn for my other sites.

I have added following to Web.config

<httpProtocol>   <customHeaders>     <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />     <add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS,PUT,DELETE" />     <add name="Arr-Disable-Session-Affinity" value="True" />   </customHeaders> </httpProtocol>  <rewrite>   <outboundRules>     <clear />     <rule name="AddCrossDomainHeader">       <match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />       <conditions logicalGrouping="MatchAll" trackAllCaptures="true">         <add input="{HTTP_ORIGIN}" pattern="(http(s)?://((.+\.)?[a-zA-Z0-9-]*\.ap\.dk|(.+\.)?localhost\:[0-9]*))" />       </conditions>       <action type="Rewrite" value="{C:0}" />     </rule>   </outboundRules> </rewrite>

I was inspired by answer #2 in here Access-control-allow-origin with multiple domains

But the rewrite of Access_Control_Allow_Origin does only work on localhost. On live site, it is not rewritten and then I get an error like this:

Failed to load https://aptestlogin.ap.dk//Widgets/Footer.html: The 'Access-Control-Allow-Origin' header has a value 'https://aptestproject.ap.dk' that is not equal to the supplied origin. Origin 'https://aptestcompany.ap.dk' is therefore not allowed access

In order to load this 'Footer.html' I'll have to clear cache in my brower, and repeat this if I open a another site that calls for this.

4 Answers

Answers 1

Try check regex pattern. Maybe forward slashes is unescaped // or something else.

https?:\/\/((.+\.)?[a-zA-Z0-9-]*\.ap\.dk|(.+\.)?localhost(\:[0-9]*)?)

Answers 2

https://enable-cors.org/server_aspnet.html

Above will provide a solution for your matter.

Answers 3

Can you try like this

Install-Package Microsoft.AspNet.WebApi.Cors

Open the file App_Start/WebApiConfig.cs.

public static void Register(HttpConfiguration config)         {              config.EnableCors(); //add this           }

Answers 4

Change

<match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />

to

<match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern="*" />
If You Enjoyed This, Take 5 Seconds To Share It

0 comments:

Post a Comment