Access-control-allow-origin with multiple domains

by

For IIS 7.5+ and Rewrite 2.0 you can use:

<system.webServer>
   <httpProtocol>
     <customHeaders>
         <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
         <add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS,PUT,DELETE" />
     </customHeaders>
   </httpProtocol>
        <rewrite>            
            <outboundRules>
                <clear />                
                <rule name="AddCrossDomainHeader">
                    <match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="true">
                        <add input="{HTTP_ORIGIN}" pattern="(http(s)?://((.+\.)?domain1\.com|(.+\.)?domain2\.com|(.+\.)?domain3\.com))" />
                    </conditions>
                    <action type="Rewrite" value="{C:0}" />
                </rule>           
            </outboundRules>
        </rewrite>
 </system.webServer>

Explaining the server variable RESPONSE_Access_Control_Allow_Origin portion:
In Rewrite you can use any string after RESPONSE_ and it will create the Response Header using the rest of the word as the header name (in this case Access-Control-Allow-Origin). Rewrite uses underscores “_” instead of dashes “-” (rewrite converts them to dashes)

Explaining the server variable HTTP_ORIGIN :
Similarly, in Rewrite you can grab any Request Header using HTTP_ as the prefix. Same rules with the dashes (use underscores “_” instead of dashes “-“).

More Related Contents:

  1. How to increase request timeout in IIS?
  2. How to prevent an ASP.NET application restarting when the web.config is modified?
  3. IIS URL Rewrite and Web.config
  4. ASP.NET: HTTP Error 500.19 – Internal Server Error 0x8007000d
  5. Web Application Problems (web.config errors) HTTP 500.19 with IIS7.5 and ASP.NET v2
  6. Using different Web.config in development and production environment
  7. Forms authentication timeout vs sessionState timeout
  8. HTTP Error 503, the service is unavailable
  9. Setting up connection string in ASP.NET to SQL SERVER
  10. ASP.NET web.config: configSource vs. file attributes
  11. IIS7 Cache-Control
  12. ASP.NET Web API OperationCanceledException when browser cancels the request
  13. HTTP Error 403.14 – Forbidden – The Web server is configured to not list the contents of this directory
  14. How can I share a session across multiple subdomains in ASP.NET?
  15. How to keep ASP.NET assemblies in AppDomain alive?
  16. HTTP Error 500.22 – Internal Server Error (An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode.)
  17. What is limiting the # of simultaneous connections my ASP.NET application can make to a web service?
  18. NuGet: ‘X’ already has a dependency defined for ‘Y’
  19. Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’
  20. Store String Array In appSettings?
  21. How to allow internal MVC Web Api from external site outside the network
  22. How to deliver big files in ASP.NET Response?
  23. double escape sequence inside a url : The request filtering module is configured to deny a request that contains a double escape sequence
  24. IIS7 – The request filtering module is configured to deny a request that exceeds the request content length
  25. Script not served by static file handler on IIS7.5
  26. The configuration section ‘system.web.extensions’ cannot be read because it is missing a section declaration
  27. web.config and app.config confusion
  28. IIS Session Timeout vs ASP.NET Session Timeout
  29. Editing Web.config programmatically
  30. IIS AAR – URL Rewrite for reverse proxy – how to send HTTP_HOST

Leave a Comment