PChip1976 Indeed, you can use wildcards in 'origin' to make CORS config simple, see the example in the IIS CORS official docs. CORS is not that easy to wrap your head around quickly, but it's worth the effort 🙂
I found the following articles useful on IIS and CORS:
1. https://blogs.iis.net/iisteam/getting-started-with-the-iis-cors-module
2. https://techcommunity.microsoft.com/t5/iis-support-blog/putting-it-all-together-cors-tutorial/ba-p/775331

General tips on CORS debugging for sysadmins:
CORS issues will only arise when you use the browser (to view the Console) and not if you use other (API) clients like a PS script. Practically, they manifest as failed API requests and the infamous "Uh Oh - can't connect to API" popup.
They can be easily spotted in your browser's developer console in the 'Console' and 'Network' tabs. Once a CORS issue is ascertained:
1. Look for the `Origin` header in the preflight request (HTTP verb == `OPTIONS`) which failed. This value is automatically generated by the browser and the Web Console app has no control over it.
2. Check if the Web API's web.config accepts this value of `Origin`.
3. The IIS CORS module interprets `origin='*'` in a special manner.
4. Update `web.config` or figure out how you can make the browser emit a different `Origin` value.
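
The browser-side check behind steps 1 and 2 above, as an added example that is not part of the original post: it takes the `Origin`, method and requested headers of a failed preflight plus the response headers the server returned, and lists why the browser would reject it. The function names, the host name and the sample header values are constructed for illustration.

```javascript
// Added example: emulates the browser's checks on a CORS preflight response.
// Keys of `response.headers` are expected in lower case.
const SAFE_METHODS = ["GET", "HEAD", "POST"];

function list(value) {
  // Split a comma-separated header value into trimmed, non-empty tokens.
  return (value || "").split(",").map((s) => s.trim()).filter(Boolean);
}

function checkPreflight(request, response) {
  const problems = [];
  const h = response.headers;
  const creds = request.credentials === true;
  if (response.status < 200 || response.status > 299) {
    problems.push(`preflight status ${response.status} is not 2xx`);
  }
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    problems.push("no Access-Control-Allow-Origin: server did not accept this Origin");
  } else if (allowOrigin === "*") {
    if (creds) problems.push("'*' is not accepted for a credentialed request");
  } else if (allowOrigin !== request.origin) {
    problems.push(`allowed origin ${allowOrigin} != request Origin ${request.origin}`);
  }
  if (creds && h["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials: true is missing");
  }
  const methods = list(h["access-control-allow-methods"]);
  const methodOk = SAFE_METHODS.includes(request.method) ||
    methods.includes(request.method) || (!creds && methods.includes("*"));
  if (!methodOk) problems.push(`method ${request.method} not allowed`);
  // request.headers: the names the browser sent in Access-Control-Request-Headers.
  const allowed = list(h["access-control-allow-headers"]).map((s) => s.toLowerCase());
  for (const name of request.headers.map((s) => s.toLowerCase())) {
    const wildcard = !creds && allowed.includes("*") && name !== "authorization";
    if (!allowed.includes(name) && !wildcard) problems.push(`header ${name} not allowed`);
  }
  return problems;
}

// Constructed sample: values as they would be copied from the Network tab.
const sampleRequest = { origin: "https://console.example.test", method: "PUT",
  headers: ["Content-Type", "Authorization"], credentials: true };
const sampleResponse = { status: 204, headers: {
  "access-control-allow-origin": "*",
  "access-control-allow-methods": "GET, PUT",
  "access-control-allow-headers": "content-type" } };
console.log(checkPreflight(sampleRequest, sampleResponse));
```

An empty result means the preflight itself would pass, so the failure lies elsewhere (for example in the actual request's response headers).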