Module for IIS that automatically sets Access-Control-Allow headers depending on the request headers
At some point I got tired of the way IIS works with CORS policies for backends that must be publicly accessible with authorization. Preflight requests constantly failed to get the correct headers, which made using my backend just one big problem.
This module simply solves the problem by forcing IIS to set Access-Control-Allow headers the way the requester wants them to be seen.
Yes, I know that this may not be entirely safe, but nevertheless, in some situations it is necessary
Firstly, since this is a module, feature Modules
must be enabled in IIS
For the module to work correctly, since it is written in C#, support for managed modules is required, module requires the .NET Extensibility 4.6
component to work
Path for Server Manager (Windows Server 2016):
Page Server Roles
Web server (IIS) -> Web Server -> Application Development -> .NET Extensibility 4.6
Select and proceed installation
- Create subfolder
Bin
in your application folder. For example, if your application root is C:\Sites\MyBestSite, you need to create C:\Sites\MyBestSite\Bin - Place files IISAnyCors.dll and IISAnyCors.pdb in bin folder from previous step
- Go to IIS Manager
- Choose you site, go to modules
- Click
Add Managed Module
- In
Type
dropdown list chooseAnyCors.AnyCorsModule
- Done