Base solution for your next web application
Open Closed

CORS issues when hosting on different subdomains in IIS #3555


User avatar
0
krileo created

Hi.

We are using the latest ASP.NET Zero ASP.NET Core / Angular template and locally it runs all fine. When deploying to IIS (both backend and frontend) we are running into CORS issues - but not everywhere.

aspnet-core parts run on <a class="postlink" href="http://api.domain.com">http://api.domain.com</a> , where domain is one of our domains. angular part runs on <a class="postlink" href="http://administration.domain.com">http://administration.domain.com</a>, where domain is the same domain as above.

Both run on port 80.

We are able to login, edit users etc... everything seems working just fine - except Administration / Settings. When we click save on this page only we get a CORS error like this.

Failed to load resource: the server responded with a status of 405 (Method Not Allowed) tenantSettings:1 XMLHttpRequest cannot load <a class="postlink" href="http://api.somerandomdomain.com/api/services/app/TenantSettings/UpdateAllSettings">http://api.somerandomdomain.com/api/ser ... llSettings</a>. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://administration.somerandomdomain.com' is therefore not allowed access. The response had HTTP status code 405.

We tested it multiple browsers and all fails. Running locally with IISExpress and Nodejs it works just fine.

Could there be some issue with the implementation causing CORS problems on some pages, while the rest works fine?

Regards

Kristian


1 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @krileo,

    This might not be related to CORS. In angular4 version, when a serverside error occurs, angular4 shows CORS error. This is a misleading message but we couldn't solve it yet.

    Your problem is probably related to HTTP verbs (PUT probably) is not allowed on IIS. If you can check Logs.txt file on your Host website, you can see the actual message.

    If it is related to PUT http verb, removing WebDav from IIS will solve this.

    Thanks.