Exposing additional headers in CORS responses using the EnableCorsAttribute
File under “Learn something new every day.”
Long story short, we have enabled CORS in our API, but today I learned that not all headers are included.
Particularly, like Aaron, we needed to ensure that the Location header came back when a POST request created a new resource. Our solution is a bit different than his. We’re already using the [EnableCorsAttribute](http://msdn.microsoft.com/en-us/library/system.web.http.cors.enablecorsattribute(v=vs.118%29.aspx), so Rob pointed out that we can just do this:
EnableCorsAttribute("*", "*", "*", "location");
Like the other constructor arguments, that last can be a comma separated list. Looks legit!
Read other posts