CORS in IIS aktivieren

Die folgenden Schritte wurden hier entnommen und zeigen die Aktivierung von Cross Origin Resource Sharing (CORS) in den Microsoft Internet Informations Services.

1. First, configure the OPTIONSVerbHandler to execute before .Net handlers.
   In IIS console, select "Handler Mappings". (Do this either on server level or site level. On site level it will redefine all the handlers for your site and ignore any change done on server level after that. And of course on server level, this could break other sites if they need their own handling of options verb.)
   In Action pane, select "View ordered list...". Seek OPTIONSVerbHandler, and move it up (lots of clicks...).
   You can also do this in web.config by redefining all handlers under <system.webServer><handlers>. (<clear> then <add ...> them back, this is what does the IIS console for you. By the way, there is no need to ask for "read" permission on this handler.)
2. Second, configure custom http headers for your cors needs, such as

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*"/>
      <add name="Access-Control-Allow-Headers" value="Content-Type, Authorization, x-customer"/>
      <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, PATCH, DELETE, OPTIONS"/>
    </customHeaders>
  </httpProtocol>
</system.webServer>

Eine sehr einfache web.config kann hier eingesehen werden.