How to deal with CORS issues?

Mar 18, 2016 at 8:16 AM
Edited Mar 18, 2016 at 2:29 PM

I have built my webservice, an HTML page with javascript, and am hosting the HTML page on IIS8/7.

When I access the HTML page locally, I can access it in any browser and ping my webservice for any request needed.

However, when I host that HTML page on the IIS8/7 (on port 80) and navigate to it using an IP address on my network (for example in any browser it fails to be able to receive the json data in the response of my webservice.

However I can see on the side of my webservice that it receives the request (POST,GET,PUT,ETC) and tries to send data back.

In the debug of Chrome/Firefox the error is that it is not allowing the HTML page to display the data from that Origin Source because there is no header for "Access-Control-Allow-Origin". XMLHttpRequest cannot load No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '' is therefore not allowed access.

In researching this and troubleshooting, I've made sure that IIS8/7 has the appropriate Header settings to allow it by setting it to Access-Control-Allow-Origin: * just as
Has instructed me too.

From there I tried to see if I could somehow implement this on my HTML page, but every answer I've seen and looked at states that the needed header is not apart of the HTML page.

So from here the question is how to get Access-Control-Allow-Origin: * into my source code for the web service.

Below is my current code, and I'm including the PUT request which is the only one I'm testing currently.
void handle_post(http_request request) // this handles POST requests

printf("POST Request Received\n");

request.extract_string(true).then([request](utility::string_t body) // this receieves the body of the message from our html page

std::string newbody( body.begin(), body.end() ); //using this to convert from wstring to string, then
std::copy(newbody.begin(), newbody.end(), newchar); // this is for the conversion of string to char
newchar[newbody.size()] = '\0'; // calculates new size for newchar

if(strcmp(newchar, "requestgroups") == 0){ // this if statement is the standard for comparing char to a specific string

int i = 0;
std::string groupliststr = "test"; 
std::string timestr = "time is now";

json::value groupjson = json::value::array(); //building json container with values
groupjson[i][L"GROUPLIST"] = json::value::string(utility::conversions::utf8_to_utf16(groupliststr));
groupjson[i][L"TIME"] = json::value::string(utility::conversions::utf8_to_utf16(timestr));

request.reply(status_codes::OK, groupjson); // reply is done here



printf("Finished POST Request\n");


int main(int argc, char *argv[])

printf("Started Webservice\n");

http_listener listener(L""); //sets my listener to an address, can be anything - but for example is listener(L"http://localhost:80");, handle_get); // opens up the listener to GET requests, handle_post); // opens up the listener to POST requests, handle_put); // opens up the listener to PUT requests, handle_options); // opens up the listener to OPTIONS requests


.then([&listener](){TRACE(L"\nBegan Listening for Requests\n");})

while (true){

catch (exception const & e)
wcout << e.what() << endl;

printf("Ended service\n");

return 0;
Is there anything I can add to the code in order to allow the Headers for the webservice to allow Access-Control-Allow-Origin: * following the CORS standard. I've looked a bit before, and tried a few tricks, but it did not work.

Mar 18, 2016 at 3:55 PM
Edited Mar 18, 2016 at 4:12 PM
I've solved the issue.

I had to add headers to a response, which I was only really doing with my reply.

So I changed
request.reply(status_codes::OK, groupjson); // reply is done here
            http_response response (status_codes::OK);
            response.headers().add(U("Access-Control-Allow-Origin"), U("*"));
            request.reply(response);         // reply is done here