Reputation: 147
Mobile devices with credentials flag to true
I have to send credentials to authenticate on the server (windows authentication) for my application:
with-credentials = true
The problem is that my clients are mobile devices, and I can't tell to the server in Access-Control-Allow-Origin the origin domains.
I would like to do that:
Access-Control-Allow-Origin = *
But I know it is not possible because of security issues.
How can I do that with HTTP?
PS: I am using a server in ASP.NET and clients are made with Ionic (Angular). Currently, I am using a temporary solution:
Access-Control-Allow-Origin = localhost:8100
But when I will deploy the application it won't work on real devices.
Upvotes: 0
Views: 272
Answers (2)
Reputation: 176
Sometimes you need to check this wihtin your AuthorizeAttribute
// pre-flight request (OPTIONS) are always ok.
// https://stackoverflow.com/questions/26296779/chrome-v37-38-cors-failing-again-with-401-for-options-pre-flight-requests#28235624
if (actionContext.Request.Method == System.Net.Http.HttpMethod.Options)
{
return true;
}
Upvotes: 0
Reputation: 1549
From enable-cors.org:
CORS In ASP.NET
If you don't have access to configure IIS, you can still add the header through ASP.NET by adding the following line to your source pages:
Response.AppendHeader("Access-Control-Allow-Origin", "*");
See also: you can also Configure IIS6 / IIS7
Upvotes: 2
Related Questions
- CORS issue between web/android/ios
- Setting up CORS policy for hybrid mobile web apps
- about CORS between mobile application and web application
- Preflight Access-Control-Allow-Credentials
- Ionic 4 CORS issue on mobile device
- Azure Mobile App CORS settings
- Disabling CORS(cross-origin resource sharing) on the Mobile device - Ionic App
- cors not working with azure mobile service .net backend
- Enable CORS in Azure Mobile Services - OPTIONS not authorized
- Enable CORS on Azure Mobile Serivce .NET Backend