I’ve just been setting up an API that can be used for a remote website to look up data on my central website, during this process I came across the usual CORS error. The API set up was a complete doddle with Wappler and very very powerful.
Its a Windows server running IIS.
As I don’t so this very often I totally forgot the solution so thought I’d post it here to help myself and others in the same situation.
The error I had was:
XMLHttpRequest cannot load - No 'Access-Control-Allow-Origin' header is present on the requested resource
The solution is a simple change to the web.config file, here:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
</system.webServer>
These settings are set on the site hosting the WEB SERVICES not the site that is attempting to access them.
Full details here: http://gkb.wikidot.com/setting-cors-on-iis-8