enabling CORS - custom response headers do not match

Question

I'm trying to get CORS working on my IIS 7.5 webserver. I have added the following lines to my web.config:

  <httpProtocol>
    <customHeaders>
      <remove name="Access-Control-Allow-Origin" />
      <remove name="Access-Control-Allow-Headers" />
      <remove name="Access-Control-Allow-Methods" />
      <add name="Access-Control-Allow-Headers" value="Content-Type,Authorization" />
      <add name="Access-Control-Allow-Credentials" value="true" />
      <add name="Access-Control-Allow-Origin" value="http://srv2008:85" />
      <add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS" />
    </customHeaders>
  </httpProtocol>

When checking Response Headers, only FireFox (36.0) seems to pick up the correct headers:

in FF:

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type,Authorization
Access-Control-Allow-Methods: POST,GET,OPTIONS
access-control-allow-origin: http://srv2008:85

in Chrome:

Access-Control-Allow-Headers:Content-Type
Access-Control-Allow-Methods:POST,GET,OPTIONS
Access-Control-Allow-Origin:*

in IE11:

Access-Control-Allow-Origin *
Access-Control-Allow-Headers    Content-Type
Access-Control-Allow-Methods    POST,GET,OPTIONS

Why are these three Reponse Headers not the same for all three browsers when they are requesting the exact same page on the webserver? How come Chrome and IE just ignore my custom Headers?

score 0 · Answer 1 · answered Mar 12 '15 at 13:21

0

Found the answer myself. It seemed there was another web.config with conflicting settings. Strange though that different browsers reacted te different web.config files...

answered Mar 12 '15 at 13:21

mokum

25
5

enabling CORS - custom response headers do not match

1 Answers1