Fighting with CORS. I have a site that is making a simple XmlHttpRequest to a WEB API I built in C#.
var xhr = new XMLHttpRequest();
xhr.open("GET","https://server/controller/method", true);
xhr.send();
In my web.config I have done the following:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
I have also tried installing the Nuget package and doing the following in my WebApiConfig.cs
var cors = new EnableCorsAttribute(
origins: "*",
headers: "*",
methods: "*");
config.EnableCors(cors);
Despite these efforts, CORS still does not work. In the FireFox console, I get the following error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://server. This can be fixed by moving the resource to the same domain or enabling CORS.
IE also just fails and gives no error.
According to everything I have read, one of these solutions should work, yet they don't. Does something need to be enabled/changed in the client JavaScript? Does CORS not work when you run it in Visual Studio IIS Express on localhost:PortNumber? What am I missing?