Elaborating from DavidG responseDavidG answer which is really near of what is required for a basic solution:
First, configure the OPTIONSVerbHandler to execute before .Net handlers.
- In IIS console, select "Handler Mappings" (either on server level or site level; beware that on site level it will redefine all the handlers for your site and ignore any change done on server level after that; and of course on server level, this could break other sites if they need their own handling of options verb).
- In Action pane, select "View ordered list..." Seek OPTIONSVerbHandler, and move it up (lots of clicks...).
You can also do this in web.config by redefining all handlers under
<system.webServer><handlers>(<clear>then<add ...>them back, this is what does the IIS console for you) (By the way, there is no need to ask for "read" permission on this handler.)Second, configure custom http headers for your cors needs, such as:
<system.webServer> <httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="*"/> <add name="Access-Control-Allow-Headers" value="Content-Type"/> <add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS"/> </customHeaders> </httpProtocol> </system.webServer>You can also do this in IIS console.
This is a basic solution since it will send cors headers even on request which does not requires it. But with WCF, it looks like being the simpliest one.
With MVC or webapi, we could instead handle OPTIONS verb and cors headers by code (either "manually" or with built-in support available in latest version of webapi).