I have encountered a problem that I cant resolve.
I have some js (jquery) POST soap (over PHP) request code working on Apache with Cors enabled for calling HTTPS, and it worked fine.
I've migrated to IIS7, set response headers:
Access-Control-Allow-Origin = *
Access-Control-Allow-Methods = POST`
and now strangly when sending
Content-Type: text/xml;
it is refused, but when sending a default
application/x-www-form-urlencoded
strangly I got the response (of course error response from Soap server but still, meaning that Cors works for this).
So the question is, if there is anything else to set in iis headers? I tried to find an answer for a day but with no luck. My guess is it is about Access-Control-Allow-Headers but still I cant find a valid example.
You need to set the following header:
Access-Control-Allow-Headers: Content-Type
You may also have to put other headers in that list. The best way to figure out which headers to add is to inspect the Access-Control-Request-Headers header on the request, and see what values its asking for, and then echo those values in the response above.
The reason Content-Type needs to be included in this header is because you are asking for a non-standard value ('application/x-www-form-urlencoded' is a standard value).