asp.net web api2 - OWIN and CORS - One CORS Header to rule them all? -
there seems lots of different answers on define cors headers when using owin. have seen these ... 1) add grantresourceownercredentials method context.owincontext.response.headers.add("access-control-allow-origin", new[] { allowedorigin }); 2) in configuration(iappbuilder app) method of startup.cs app.usecors(microsoft.owin.cors.corsoptions.allowall); 3) add web.config <system.webserver> <httpprotocol> <customheaders> <add name="access-control-allow-origin" value="*" /> <add name="access-control-allow-headers" value="content-type" /> <add name="access-control-allow-methods" value="get, post, put, delete, options" /> </customheaders> </httpprotocol> </system.webserver> when try multiple options error saying duplicate cors headers , therefore none of them allowed. is there single place can define cors po...