Greg, if you read a little further down that article, it discusses ways to finer grain the access control
such as enabling CORS only for certain API endpoints or requests only from certain domain Cheers On 17 August 2015 at 11:46, Greg Keogh <[email protected]> wrote: > Enable CORS for your API. >> > > BINGO! By adding the following header I can call my remote service from a > localhost script: > > Access-Control-Allow-Origin: * > > There are security issues with this of course, but it was urgent to get it > going for the other developer. > > Thanks, Greg > > >> >> >> http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api >> > >
