How do I add CORS headers on a per folder basis on IIS?

I have some images on my site that I need to enable cross-domain access for, but I don’t want to add it to all images. I know I could do this:

<configuration>
 <system.webServer>
   <httpProtocol>
     <customHeaders>
       <add name="Access-Control-Allow-Origin" value="*" />
     </customHeaders>
   </httpProtocol>
 </system.webServer>
</configuration>

But is there a way to restrict the custom header to only one folder on my site?

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

Yes, there is. Just create a new web.config file in that folder, and it will apply to that folder only.

Method 2

If Daniel Liuzzi’s answer does not work for you, allow anonymous access to the images folder as well:

If you are using ASP authentication, what appears as a CORS authentication issue may instead be an access problem triggered by ASP authentication and the redirect to your login page.

<configuration>
    <!-- allow all access to the folder in question -->
    <system.web>
      <authorization>
        <allow users="?,*" />
      </authorization>
    </system.web>

 <!-- Daniel Liuzzi's mime header (above) for CORS access -->
 <system.webServer>
   <httpProtocol>
     <customHeaders>
       <add name="Access-Control-Allow-Origin" value="*" />
     </customHeaders>
   </httpProtocol>
 </system.webServer>
</configuration>


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x