Does anyone have any guidelines/experience for navigating CORS (javascript / ASP / etc) for Epicor REST? I’d imagine this is a very frequently encountered hoop to jump through unless you host your Epicor appserver / REST host within the same domain as your integration endpoint. I’ve managed to package the javascript CORS preflight along with modifying the IIS response headers, but I’m still getting an issue with authentication - perhaps this has something to do with the custom way Epicor is handling security here?
add key CorsOrigins to the appSettings section of web.config.
Like <add key="CorsOrigins" value="https://localhost, https://localhost" /> - access from https://localhost and https://localhost allowed
or <add key="CorsOrigins" value="*" /> - access from any host is allowed (less secure)
Great, thank you, @Olga! I was trying to inject the various keys based on more standard IIS practices into the web.config without success, though I had moderate success in getting the preflight to work by setting them at the IIS level. I’ll try scrapping the IIS-level response headers and just using your suggested appSettings webconfig key and see where that gets me.
