On my web server, I was able to allow CORS for one domain by adding the following to my config file:
<system.webServer>
<httpProtocol>
<customHeaders>
.....
<add name="Access-Control-Allow-Origin" value="https://domain2.com" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />
<add name="Access-Control-Allow-Credentials" value="true" />
</customHeaders>
</httpProtocol>
.....
</system.webServer>
This allowed requests from https://domain2.com but I need to allow requests from additional domains.
After confirming the IIS CORS module is installed, I removed these changes and applied the following:
<system.webServer>
<cors enabled="true">
<add origin="https://mydomain2.com" allowCredentials="true" />
<add origin="https://mydomain3.com" allowCredentials="true" />
</cors>
.....
</system.webServer>
With this config, I am getting the following error:
Access to fetch at 'https://domain1.com' from origin 'https://domain2.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
What can I do to allow requests from multiple domains?