Navigating CORS for Epicor REST

Does anyone have any guidelines/experience for navigating CORS (javascript / ASP / etc) for Epicor REST? I’d imagine this is a very frequently encountered hoop to jump through unless you host your Epicor appserver / REST host within the same domain as your integration endpoint. I’ve managed to package the javascript CORS preflight along with modifying the IIS response headers, but I’m still getting an issue with authentication - perhaps this has something to do with the custom way Epicor is handling security here?

Any input on this Bart?

Credit @Banderson
image

add key CorsOrigins to the appSettings section of web.config.
Like <add key="CorsOrigins" value="https://localhost, https://localhost" /> - access from https://localhost and https://localhost allowed
or <add key="CorsOrigins" value="*" /> - access from any host is allowed (less secure)

Great, thank you, @Olga! I was trying to inject the various keys based on more standard IIS practices into the web.config without success, though I had moderate success in getting the preflight to work by setting them at the IIS level. I’ll try scrapping the IIS-level response headers and just using your suggested appSettings webconfig key and see where that gets me.

Life saver! Just ran into this issue, stupid CORDOVA

Hi all, where do I find this Web.config, as we have Kinetic Cloud- 2025.2.16

You can’t edit that in cloud, nor should you need to.

Start a new thread with your actual problem.

I created a new topic :CORS connection error in WebApplication

I noticed y’all have a location in portage Michigan, are you ever out this way?

Not really