Does the CORS add-on for IIS have logging?

Erik Martinson 20 Reputation points
2023-07-06T21:42:54.4133333+00:00

Is there a log for the IIS CORS add-on module?

I have a customer that keeps getting 403 errors from the CORS module and swears they gave me the domains that requests are coming from. The standard IIS logs do not have an option for the "origin" field from the header. From my understanding, that is what the cors module looks for.

Erik

Internet Information Services
0 comments No comments
{count} votes

Accepted answer
  1. Sam Wu-MSFT 7,536 Reputation points Microsoft Vendor
    2023-07-07T03:07:33.8966667+00:00

    @Erik Martinson

    You can use failed request tracking or Fiddler to view detailed request information about cors.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Bruce (SqlWork.com) 69,276 Reputation points
    2023-07-09T17:10:51.1266667+00:00

    The 403 is from the client rejecting the call, not IIS. IIS has no way to detect if the caller honors CORS, it just returns the CORS headers on every request.

    that is, the browser compares the headers and generates the 403 error.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.