0

We have a DNN website, let's call it "site A" and we are fetching a webchat JS file from another server, let's say "site B". We bought a Certificate that matches on both Site A and Site B in the IIS 10 bindings.

We have attempted to add the following code to site A, with no success as we get a CORS error.

<system.webServer>
      <httpProtocol>
         <customHeaders>
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Headers" value="Content-Type" />
            <add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />
            <add name="Access-Control-Allow-Credentials" value="true" />
          </customHeaders>
      </httpProtocol>
</system.webServer>

I would like to know, on which site should we add the Access Control Allow Origin code and is it possible to only target a specific DNN Portal to allow this? Is there a way you can inject Custom Headers in a particular Portal?

Tig7r
  • 525
  • 1
  • 4
  • 21

1 Answers1

1

You should be that IIS did not install the cors module, which caused this problem, install the IIS Cors module

The IIS CORS is configured via a site or application web.config file and has its own cors configuration section within system.webServer. There are instructions on using it in the official documentation, you can take a look:IIS CORS module Configuration Reference

Theobald Du
  • 824
  • 4
  • 7
  • Thanks, do you need the CORS module for IIS10? Also do you know if a specific portal website of an DNN installation can only be allowed to accept cross origin headers? Last question, which site should get the CORS config? A or B? – Tig7r Mar 12 '21 at 13:44