You can also proxy the api requests from wherever you are serving your angular app and avoid CORS entirely - browser support for CORS varies.
On Mon, Aug 17, 2015 at 11:48 AM, Nelson <[email protected]> wrote: > Greg, > > if you read a little further down that article, it discusses ways to finer > grain the access control > > such as enabling CORS only for certain API endpoints or requests only from > certain domain > > > Cheers > > On 17 August 2015 at 11:46, Greg Keogh <[email protected]> wrote: > >> Enable CORS for your API. >>> >> >> BINGO! By adding the following header I can call my remote service from a >> localhost script: >> >> Access-Control-Allow-Origin: * >> >> There are security issues with this of course, but it was urgent to get >> it going for the other developer. >> >> Thanks, Greg >> >> >>> >>> >>> http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api >>> >> >> >
