Try Now
More in this section

Forums / Bugs & Issues / CORS issue with Sitefinity 9.1 No 'Access-Control-Allow-Origin'

CORS issue with Sitefinity 9.1 No 'Access-Control-Allow-Origin'

1 posts, 0 answered
  1. robert
    robert avatar
    1 posts
    08 Apr 2016
    26 Jul 2016
    Link to this post

    Hello everyone,

    We were trying to enable CORS on our Staging server and no matter what setting we enable or tweak in our security layer it appears the CORS functionality is not working with Sitefinity although its apparently enabled. 

    To ensure it was not a problem with the configuration on the Staging server, I downloaded the latest Sitefinity Empty SampleProject found here: https://github.com/Sitefinity-SDK/Telerik.Sitefinity.Samples.EmptyProject/tree/release91  and I was able to reproduce the exact same problem locally.

    Attached you will find two screenshots.

    WebRequest with Error.png will show you the entire debug window from the developer tools from within Google Chrome.

    WebService options.png shows you the options set against that specific web service and showing CORS is enabled.

    Also with a direct quote from the official Sitefinity Documentation on CORS: http://docs.sitefinity.com/define-the-access-permissions  

    "Enter *
    Every request from every domain will be allowed. We do not recommend this, because there may be malicious users who would try to exploit the service. We recommend to specify only domains that are trusted."

    Hopefully this can be addressed and thanks to anyone who has any information or suggestions on this issue. 

1 posts, 0 answered