How to enable CORS

Question

I have two sites: local :20279/ and local :54220. 54220 is opened through out IFrame from 20279. After user click on button, the IFrame will be closed and I get data inside the 52220. I read about how to enable CORS, and this is what I did in web.config:

<system.webServer>
    <httpProtocol>
        <customHeaders>
            <add name="Access-Control-Allow-Origin" value="*"/>
            <add name="Access-Control-Allow-Headers" value="Content-Type" />
            <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
        </customHeaders>
    </httpProtocol>
</system.webServer>

And this code in file js to read data inside IFrame

function dialog_close() {
    dialog(false, '');

    getValueFromIFrame("if-dialog", "status");
}

function getValueFromIFrame(idIFrame, idField) {
    var iframe = document.getElementById(idIFrame);
    var innerDoc = iframe.contentDocument || iframe.contentWindow.document;
    var value = innerDoc.getElementById(idField).value;
    alert(value);
    //return value;
}

And this is what I get from browser:

Blocked a frame with origin 20279 from accessing a frame with origin "http://localhost:54220". Protocols, domains, and ports must match. <br/>
Uncaught SecurityError: Blocked a frame with origin "http://localhost:20279" from accessing a frame with origin 54220. Protocols, domains, and ports must match.

My question is: how do I make it work?

Thank you

Answer 1

必须将响应中的Access-Control-Allow-Origin标头设置为HTTP请求的Origin标头中发送的确切值，*是不够的。