Informational: CORS settings for .NET based Web Apps

Cross-origin resource sharing (CORS) is a specification that allows web assets (like css, fonts, js) on a web page to be requested from another domain (cross-domain communication from the browser). These “cross-domain” requests are usually forbidden by web browsers, per the same origin security policy. In particular, this meant that a web application using AJAX-based XMLHttpRequest could only make HTTP requests to the domain it was loaded from, and not to other domains.

CORS can be used as a modern alternative to the JSONP pattern. While JSONP supports only the GET request method, CORS also supports other types of HTTP requests.

Below are my web.config setting to allow CORS requests from .NET based Web APIs or services deployed on IIS 7/8: