
You're reading from CORS Essentials

Product type: Book
Published in: May 2017
Reading level: Intermediate
ISBN-13: 9781784393779
Edition: 1st Edition
Author: Rajesh Gunasundaram

Rajesh Gunasundaram is a software architect, technical writer and blogger. He has over 15 years of experience in the IT industry, with more than 12 years using Microsoft .NET, 2 years of BizTalk Server and a year of iOS application development. Rajesh is a founder and editor of the technical blogs programmerguide and ioscorner, where you can find many of his technical writings on .NET and iOS. He is also the founder and developer of VideoLens, a platform that analyses videos uploaded to Facebook pages and YouTube channels. Rajesh has also written four other books for Packt Publishing. Rajesh has worked on client premises in various countries, such as the UK, Belarus and Norway. He also has experience in developing mobile applications for iPhone and iPad. His technical strengths include Azure, Xamarin, ASP.NET MVC, Web API, WCF, .NET Framework / .NET Core, C#, Objective-C, Angular, Bot Framework, BizTalk, SQL Server, REST, SOA, Design Patterns and Software Architecture. Rajesh has been an early adopter of Angular since AngularJS. He has developed rich interfaces using Angular, Bootstrap, HTML5 and CSS3. He has good experience in translating designer mock-ups and wireframes into an AngularJS front end. He is good at unit testing Angular applications with Karma, has expertise in handling RESTful services in Angular, and supports various web products developed using AngularJS and Angular.

Chapter 5. CORS in Windows

In this chapter, we are going to discuss how to implement CORS on the Windows platform. The Windows platform includes IIS and ASP.NET Web API applications, as well as the Windows Communication Foundation.

We will learn about:

  • How to set the Access-Control-Allow-Origin header globally in web.config for Windows IIS Server

  • How to install and use the Microsoft ASP.NET Web API Cross-Origin Support package, including:

    • Setting CORS policies with the EnableCorsAttribute class

    • Disabling CORS policies with the DisableCors attribute

    • Creating dynamic CORS policies with the Custom CORS Policy Attribute class

    • Creating dynamic CORS policies driven by logic with the custom CORS policy provider factory

  • How to use CORS in Windows Communication Foundation (WCF)

  • Note that Edge and Internet Explorer 10 fully support XMLHttpRequest withCredentials, IE 8 and 9 use XDomainRequest instead of XMLHttpRequest, and IE 7 and earlier versions do not support CORS at all

Incoming CORS requests


Web applications are often integrated with external platforms, APIs, and services. When the external source is hosted on a different domain, CORS is used to allow requests from the external local domain to the target domain, without an intermediate proxy. We will look at techniques for allowing cross-domain requests in Windows applications and servers. A CORS request made from the Windows application, acting as the local domain, to a different target domain is handled with custom code using the methods we have covered in earlier chapters.

How to set the Access-Control-Allow-Origin header globally in Windows IIS Server


Although it is possible to set the Access-Control-Allow-Origin header value globally in web.config for Windows IIS Server, the Microsoft ASP.NET Web API Cross-Origin Support package provides classes and interfaces for the sophisticated handling of CORS requests.

Tip

In general, best practices for CORS recommend setting the CORS-enabling Access-Control-Allow-Origin header only on pages where it is actually needed, rather than setting it globally on every page. Also consider the security implications of allowing CORS requests globally, particularly when using the wildcard "*".

You may also allow a single domain instead of allowing all domains with the wildcard. Until the CORS specification supporting multiple allowed domains is widely supported in client browsers, you will need to use additional logic in code to allow a specific set of allowed domains.

Setting CORS headers globally with web.config for IIS7 Server...

CORS in the ASP.NET Web API


The ASP.NET Web API is an HTTP service-oriented framework suitable for implementing cross-domain requests via CORS in web applications.

ASP.NET Web API is a framework that makes it easy to build HTTP services that reach a broad range of clients, including browsers and mobile devices. ASP.NET Web API is an ideal platform for building RESTful applications on the .NET Framework.

The EnableCorsAttribute custom class contains properties for the allowed origins, HTTP methods, request headers, response headers, and whether credentials are allowed.

The CorsMessageHandler checks the policy in the attribute for the HTTP method being invoked and sends the appropriate CORS response headers.

Enabling CORS in the ASP.NET Web API

When using the ASP.NET Web API, you may enable CORS globally on the IIS server using the methods already discussed.

It is preferable to add the CORS headers only on the pages, and for classes and methods, where they are needed. The next section shows how to...

CORS in Windows Communication Foundation


Windows Communication Foundation (WCF) is another service-oriented Windows .NET framework component that is suitable for building applications that use CORS.

WCF sends data as asynchronous messages from one service endpoint to another. A service endpoint can be hosted by IIS, or it can be hosted in an application. It can also be a client of a service that requests data from a service endpoint.

Out of the box, WCF cannot make cross-origin requests because it does not send the required CORS headers: Access-Control-Allow-Origin and Access-Control-Allow-Methods. WCF can also send the optional CORS headers: Access-Control-Allow-Headers and Access-Control-Max-Age.

Create a global.asax file to add the necessary HTTP headers to Application_BeginRequest. The following example of code for the global.asax file allows a request from http://localdomain.com, using allowed HTTP methods POST, PUT, DELETE. It allows http://localdomain.com...
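
As an added example (not code from the book), here is one way to write the "additional logic in code" for a specific set of allowed domains inside the global.asax Application_BeginRequest handler described above. The second origin, the Access-Control-Allow-Headers list, and the max-age value are assumptions; http://localdomain.com and the POST, PUT, DELETE methods come from the chapter.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

public class Global : HttpApplication
{
    // Exact-match allow-list. http://localdomain.com is the chapter's origin;
    // https://partner.example is a constructed placeholder.
    private static readonly HashSet<string> AllowedOrigins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "http://localdomain.com",
            "https://partner.example"
        };

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpRequest request = HttpContext.Current.Request;
        HttpResponse response = HttpContext.Current.Response;

        // The response now differs per requesting origin, so caches must key on it.
        response.AppendHeader("Vary", "Origin");

        string origin = request.Headers["Origin"];

        // Compare the whole origin (scheme, host, port). Never use substring or
        // suffix matching, and never echo an origin that is not on the list.
        if (string.IsNullOrEmpty(origin) || !AllowedOrigins.Contains(origin))
        {
            return; // no CORS headers: the browser blocks the cross-origin read
        }

        // Echo the single matching origin instead of the "*" wildcard.
        response.AppendHeader("Access-Control-Allow-Origin", origin);

        // Answer the preflight here so it never reaches the service code.
        if (request.HttpMethod == "OPTIONS")
        {
            response.AppendHeader("Access-Control-Allow-Methods", "POST, PUT, DELETE");
            response.AppendHeader("Access-Control-Allow-Headers", "Content-Type, Accept"); // assumed
            response.AppendHeader("Access-Control-Max-Age", "600"); // assumed, seconds
            response.StatusCode = 204;
            response.End();
        }
    }
}
```

A request from an origin that is not on the list is processed as normal but receives no Access-Control-Allow-Origin header, so the browser refuses to expose the response to the calling page.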

CORS in Windows browsers – Internet Explorer and Edge


The good news is that Edge, the browser that ships with Windows 10, and Internet Explorer 10 fully support the W3C specification for CORS, and you can use standard techniques with XMLHttpRequest (XHR) and CORS headers. Internet Explorer 7 and older versions do not support CORS at all.

According to Can I Use... (as of August 2015), CORS is supported by 97.69% of browsers in the USA and 92.76% globally. For more information about CORS support in browsers, see the Can I Use... page for CORS.

In Internet Explorer 8 and 9, you have to use feature detection and XDomainRequest instead of XHR. We covered using XDomainRequest in Chapter 1, Why You Need CORS.

The following example shows how to detect XHR withCredentials and XDomainRequest support. If a new XMLHttpRequest has "withCredentials", then CORS is supported; if the window has XDomainRequest, then that method is supported; if neither is present, you cannot use CORS:

function browserSupportsCors...

Summary


Interesting, isn't it?

In this chapter, we have learned about how to allow incoming CORS requests in the Windows IIS server by adding the CORS headers in the web.config file.

Then we discussed how to use the REST features in the ASP.NET Web API framework to enable CORS.

Next, we learned about using CORS in the Windows Communication Foundation (WCF).

Finally, we discussed CORS support in Edge and Internet Explorer 10 browsers.
