-1

This is an inbound rule in my iis web site.

    <rewrite>
        <rules>
            <rule name="ToBackEnd">
                <match url="^v1/api/(.*)" />
                <action type="Rewrite" url="https://172.16.8.78/v1/api/{R:1}" />
            </rule>
        </rules>
    </rewrite>

I want to add a header (Access-Control-Allow-Origin) to the response for oly this request. There are some solutions tags in . But I do not want this? How can I set in rule?

barteloma
  • 6,403
  • 14
  • 79
  • 173
  • "I don't want" is an interesting idea. Well, it is only feasible to use things like CORS module, https://blogs.iis.net/iisteam/getting-started-with-the-iis-cors-module An inbound rule cannot modify responses. – Lex Li Jun 16 '20 at 13:48
  • Why "I don't want"? Because I applied this in an existing web site that has inner cors policies. So when I add a new one in web.config, error occuring for double Access-Control-Allow-Origin * policy – barteloma Jun 16 '20 at 13:58
  • Try location tags. With them you can set CORS rules for certain paths. – Lex Li Jun 16 '20 at 14:02

1 Answers1

1

URL rewrite outbound rule can help override the Access-Control-Allow-Origin from your application for specific URL but it can't add response header. So if you can get the expected header by rewriting your existingAccess-Control-Allow-Origin. Then outbound rule can be involved.

enter image description here

    <outboundRules>
        <rule name="outbound rule" enabled="false">
            <match serverVariable="Access-Control-Allow-Origin" pattern=".*" />
            <action type="Rewrite" value="*" />
        </rule>
    </outboundRules>

If you only need to add a header only for specific page. You can use CORS module with <location> tag https://www.iis.net/downloads/microsoft/iis-cors-module

If you need to add another header for wildcard URL like v1/api/*. Then custom httpmodule in integrated pipeline would be a choice.

Jokies Ding
  • 3,374
  • 1
  • 5
  • 10