jbest84/App_Code\Sample.cs

## App_Code\Sample.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Web;

namespace Sample
{
    public class CrossOriginSupportModule : IHttpModule
    {
        public void Init(HttpApplication context)
        {
            context.PreSendRequestHeaders += delegate
            {
                if (context.Request.HttpMethod == "OPTIONS")
                {
                    context.Response.StatusCode = (int)HttpStatusCode.OK;
                }
            };
        }

        public void Dispose()
        {
        }
    }
}

## App_Code\Sample2.cs
// Use this when you cannot set the headers in system.webServer section
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Web;

namespace Sample
{
    public class CrossOriginSupportModule : IHttpModule
    {
		// Headers
        private const string AccessControlAllowCredentialsHeader = "Access-Control-Allow-Credentials";
        private const string AccessControlAllowHeadersHeader = "Access-Control-Allow-Headers";
        private const string AccessControlAllowMethodsHeader = "Access-Control-Allow-Methods";
        private const string AccessControlAllowOriginHeader = "Access-Control-Allow-Origin";
        private const string OriginHeader = "Origin";

		// Default header values
        private const string DefaultAllowedHeaders = "Authorization,X-Requested-With,X-Authorization,X-Authorization-Mode,Content-Type,If-Match,X-Application-Name,X-Application-Version";
        private const string DefaultAllowedMethods = "GET,POST,PUT,DELETE,OPTIONS";

		private const string AllowAnyOrigin = "*";

        public void Init(HttpApplication context)
        {
            context.PreSendRequestHeaders += delegate
            {
                if (context.Request.HttpMethod == "OPTIONS")
                {
					context.Response.ClearHeaders();
					context.Response.ClearContent();
					context.Response.Clear();
                    context.Response.StatusCode = (int)HttpStatusCode.NoContent;
                }

				// CORS headers
				context.Response.AddHeader(AccessControlAllowCredentialsHeader, "true");
				context.Response.AddHeader(AccessControlAllowHeadersHeader, DefaultAllowedHeaders);
				context.Response.AddHeader(AccessControlAllowMethodsHeader, DefaultAllowedMethods);
				context.Response.AddHeader(AccessControlAllowOriginHeader, AllowAnyOrigin);
            };
        }

        public void Dispose()
        {
        }
    }
}

## web.config
 <system.webServer>
      <httpProtocol>
        <customHeaders>
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />
            <add name="Access-Control-Allow-Headers" value="Authorization,X-Requested-With,X-Authorization,X-Authorization-Mode,Content-Type,If-Match,X-Application-Name,X-Application-Version" />
            <add name="Access-Control-Allow-Credentials" value="true" />
            <add name="Access-Control-Expose-Headers" value="Location,Content-Disposition" />
        </customHeaders>
    </httpProtocol>
    <modules>
      <add name="CrossOriginSupportModule" type="Sample.CrossOriginSupportModule" />
    </modules>
  </system.webServer>
	using System;
	using System.Collections.Generic;
	using System.Linq;
	using System.Net;
	using System.Web;

	namespace Sample
	{
	public class CrossOriginSupportModule : IHttpModule
	{
	public void Init(HttpApplication context)
	{
	context.PreSendRequestHeaders += delegate
	{
	if (context.Request.HttpMethod == "OPTIONS")
	{
	context.Response.StatusCode = (int)HttpStatusCode.OK;
	}
	};
	}

	public void Dispose()
	{
	}
	}
	}
	// Use this when you cannot set the headers in system.webServer section
	using System;
	using System.Collections.Generic;
	using System.Linq;
	using System.Net;
	using System.Web;

	namespace Sample
	{
	public class CrossOriginSupportModule : IHttpModule
	{
	// Headers
	private const string AccessControlAllowCredentialsHeader = "Access-Control-Allow-Credentials";
	private const string AccessControlAllowHeadersHeader = "Access-Control-Allow-Headers";
	private const string AccessControlAllowMethodsHeader = "Access-Control-Allow-Methods";
	private const string AccessControlAllowOriginHeader = "Access-Control-Allow-Origin";
	private const string OriginHeader = "Origin";

	// Default header values
	private const string DefaultAllowedHeaders = "Authorization,X-Requested-With,X-Authorization,X-Authorization-Mode,Content-Type,If-Match,X-Application-Name,X-Application-Version";
	private const string DefaultAllowedMethods = "GET,POST,PUT,DELETE,OPTIONS";

	private const string AllowAnyOrigin = "*";

	public void Init(HttpApplication context)
	{
	context.PreSendRequestHeaders += delegate
	{
	if (context.Request.HttpMethod == "OPTIONS")
	{
	context.Response.ClearHeaders();
	context.Response.ClearContent();
	context.Response.Clear();
	context.Response.StatusCode = (int)HttpStatusCode.NoContent;
	}

	// CORS headers
	context.Response.AddHeader(AccessControlAllowCredentialsHeader, "true");
	context.Response.AddHeader(AccessControlAllowHeadersHeader, DefaultAllowedHeaders);
	context.Response.AddHeader(AccessControlAllowMethodsHeader, DefaultAllowedMethods);
	context.Response.AddHeader(AccessControlAllowOriginHeader, AllowAnyOrigin);
	};
	}

	public void Dispose()
	{
	}
	}
	}
	<system.webServer>
	<httpProtocol>
	<customHeaders>
	<add name="Access-Control-Allow-Origin" value="*" />
	<add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />
	<add name="Access-Control-Allow-Headers" value="Authorization,X-Requested-With,X-Authorization,X-Authorization-Mode,Content-Type,If-Match,X-Application-Name,X-Application-Version" />
	<add name="Access-Control-Allow-Credentials" value="true" />
	<add name="Access-Control-Expose-Headers" value="Location,Content-Disposition" />
	</customHeaders>
	</httpProtocol>
	<modules>
	<add name="CrossOriginSupportModule" type="Sample.CrossOriginSupportModule" />
	</modules>
	</system.webServer>