0

On my web server, I was able to allow CORS for one domain by adding the following to my config file:

<system.webServer>
  <httpProtocol>
    <customHeaders>
        .....
      <add name="Access-Control-Allow-Origin" value="https://domain2.com" />
      <add name="Access-Control-Allow-Headers" value="Content-Type" />
      <add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />
      <add name="Access-Control-Allow-Credentials" value="true" />
    </customHeaders>
  </httpProtocol>
  .....
</system.webServer>

This allowed requests from https://domain2.com but I need to allow requests from additional domains.

After confirming the IIS CORS module is installed, I removed these changes and applied the following:

<system.webServer>
  <cors enabled="true">
    <add origin="https://mydomain2.com" allowCredentials="true" />
    <add origin="https://mydomain3.com" allowCredentials="true" />
  </cors>
  .....
</system.webServer>

With this config, I am getting the following error:

Access to fetch at 'https://domain1.com' from origin 'https://domain2.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

What can I do to allow requests from multiple domains?

cfoster5
  • 1,326
  • 2
  • 17
  • 34
  • Did you want to Access-Control-Allow-Origin Multiple Origin Domains? if so, you can achieve this by .htaccess. [https://stackoverflow.com/a/1850482/13336642](https://stackoverflow.com/a/1850482/13336642). – samwu May 26 '21 at 09:44

0 Answers0