Cross-Origin Resource Sharing (CORS) is a mechanism that allows resources (e.g., fonts, JavaScript, etc.) on a web page to be requested outside the domain from which
the resource originated. Unless this HTTP header is present, such "cross-domain" requests are forbidden by web browsers, per the same-origin security policy.
Granting cross-origin access in this way is generally not appropriate under the same-origin security policy. The only case in which it is appropriate is when the page or API response
is considered completely public content and is intended to be accessible to everyone.
If this page is intended to be accessible to everyone, no action is required. Otherwise, follow the appropriate guideline below based on your server architecture to
set this header and restrict cross-origin access.
Header name: Access-Control-Allow-Origin
Header value: domain (the single origin that is permitted to read the response)
Merge the following XML into the web.config file at the root of your application or site:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="domain" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
If you don't have access to configure IIS, you can still add the header through ASP.NET by adding the following line to your source pages:
Response.AppendHeader("Access-Control-Allow-Origin", "domain");
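The same decision as an added example, not code from this knowledge-base entry or from IIS/ASP.NET: a request's Origin is compared by exact match against an allow-list and only a matching origin is echoed back, while a public resource gets the wildcard. The ALLOWED_ORIGINS set and the classify_acao review helper are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the origins this application trusts to read its
# responses. Replace with your own; the page's "domain" placeholder is one entry.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def cors_headers(request_origin, allowed=ALLOWED_ORIGINS, public=False):
    """Decide which CORS headers to emit for one request.

    public=True models the page's "completely public content" case and
    returns the wildcard. Otherwise the header is emitted only when the
    request's Origin exactly matches an allow-listed origin, and that single
    origin is echoed back; anything else gets no header at all, so the
    browser keeps enforcing the same-origin policy.
    """
    if public:
        return {"Access-Control-Allow-Origin": "*"}
    if not request_origin:  # same-origin or non-browser request: nothing to grant
        return {}
    parts = urlsplit(request_origin)
    # Rebuild scheme://host[:port] and compare by exact match. Prefix or
    # substring checks would also accept look-alike hosts that merely start
    # with a trusted name, so they are deliberately not used.
    normalized = f"{parts.scheme}://{parts.netloc}".lower()
    if parts.scheme not in ("http", "https") or normalized not in allowed:
        return {}
    # Vary: Origin stops shared caches from serving one origin's answer to another.
    return {"Access-Control-Allow-Origin": normalized, "Vary": "Origin"}


def classify_acao(value, allow_credentials=False):
    """Label an observed Access-Control-Allow-Origin value during a config review."""
    if value is None:
        return "restricted"          # browsers block cross-origin reads
    if value == "*":
        # The wildcard is fine only for public content; combined with
        # credentials it is rejected by browsers and signals a misconfiguration.
        return "misconfigured" if allow_credentials else "public"
    if value == "null":
        return "misconfigured"       # "null" is the origin of sandboxed/opaque contexts
    return "restricted-to-origin"
```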