subkamran on Fri, 06 Nov 2015 20:20:23

I posted this in the other CORS related thread but thought I'd ask separately. I have CORS enabled and I have my web.config set up to automatically rewrite the Access-Control-Allow-Origin header based on a whitelist and it works for US users (or at least the ones I had test). However, one specific user isn't seeing the header even though all evidence suggests he should be seeing exactly what I see.

Attached are two screenshots. The screenshot showing the Access-Control-Allow-Origin is the response from the CDN on my machine. The screenshot without the header is my customer's browser. Notice that exactly everything else is the same (exceptAccept-Language and CDN endpoint, because my customer is in Poland).

What could cause this? How could I get the header on the same exact resource and yet my customer wouldn't? He even said he had a friend try (presumably also from Poland) and it worked for him.

Header is present

Access-Control-Allow-Origin is present

Header is not present

No header is present

Kamran A

Kamran A