Click here to Skip to main content
15,886,512 members
Search within:


Access-control-orgin header not resetting
Please Sign up or sign in to vote.
0.00/5 (No votes)
Hi Team,

can someone help me to solve the security headers Access-Control-Allow-Origin in IIS.

I have one webserver and 1 app server. In the webserver using to redirect the public hit to app server with help of URLRewrite module. We are using burp suite tool to perform security testing. In the request we have headers like access-control-allow-orgin, orgin and so many. When i modify the header orgin and send the request then by default response header also changing as per the request. Eventhough i am adding the header through C# code and IIS headers but still header is modifying.

ANy idea why this header not reset with defined header values?

What I have tried:

- Removed the headers from api gateway and respective micros services and keep only in webserver headers. But still header changing based on orgin request
- Completely removed the header from all services and web server site.
Posted
Updated 17-Mar-22 2:51am
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise
Privacy
Cookies
Terms of Use
Last Updated 17 Mar 2022
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web04 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900