Archives / 2018 / March
  • Getting started with the IIS CORS Module

    Browsers usually apply same-origin restrictions to network requests. These restrictions would prevent a malicious page from making a cross origin request initiated from within a script. As an example, this means ordinarily a script served from cannot make a request to However, there are instances in which you may want to allow sites to make these requests. For example, it's a common practice the split the web frontend ( from the service hosting your API ( For such scenarios to work, you will need to configure your API to reply with appropriate CORS headers. The IIS CORS module provides a way for web administrators and web site authors to easily support the CORS protocol by delegating all CORS protocol handling to the module.