Yes. We understand the risk with CORS (we are a very locked down corporate network).
But I am a newbie at IIS admin. Which folder would find that xml file, and where what might it be called.
Also, our IT department (sometimes clueless on this) thinks we might need this to be added to IIS: