Final Setup Steps

After the web app and web service are installed, you may need to take additional steps, depending on the options enabled or desired. This section contains details about further setup steps you may need to perform.

Enable Cross-Origin Resource Sharing

If the web service and web app have different host systems, and if the systems are accessed through different URLs (specifically the protocol, server name, or port), your web browser will block access to the web service, causing processes to malfunction.

To resolve this, enable cross-origin resource sharing (CORS). After installing the web service, open its web.config file (typically found at C:\Program Files (x86)\Lieberman\Roulette\ERPMWebService\web.config), and set EnableCORS to true.

CORSDomain controls the source domain allowed for CORS support. The initial value is an asterisk (*), which allows references from any web server. To limit communication to a particular domain, change the asterisk to your domain name. For example:

<add key="CORSDomain" value="example.int" />

This example sets Access-Control-Allow-Origin to example.int. Requests from servers in other domains will not be allowed.

Note: Only one CORSDomain value can be specified at a time.

Note: Your browser may require additional configuration. CORS may not work in all configurations.

About CORS

CORS is defined in RFC6454. This specification defines that a resource is considered the same origin if it uses the same scheme (protocol), host, and port. If your web app and web service are installed on the same host, are both accessed by HTTPS, and both use the same default port (443), they are considered to be of the same origin, and your browser will not block communication to either component. If any of these elements is different, the browser blocks communication to the web service from the web app, which prevents operations such as password retrieval.

Controls for browser behavior surrounding CORS vary by browser.

For more information, please see "Supported Browsers" on page 1, and refer to your browser's documentation on enabling CORS support.