DRAG DROP
You are developing an ASP.NET Web API application that will be consumed by a web browser via a
composite application that is served from another web domain.
You need to configure the Web API.
What should you do? (To answer, drag the appropriate XML elements to the correct location or
locations in the answer area. Each XML element may be used once, more than once, or not at all. You
may need to drag the split bar between panes or scroll to view content.)
Answer: 
are this the correct answers??!!!
1
0
yes
3
0
yes
3
0
Aye
2
0
https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api
Set the allowed request headers:
The headers parameter of the [EnableCors] attribute specifies which author request headers are allowed. To allow any headers, set headers to “*”. To whitelist specific headers, set headers to a comma-separated list of the allowed headers:
[EnableCors(origins: “http://example.com”,
headers: “accept,content-type,origin,x-my-header”, methods: “*”)]
However, browsers are not entirely consistent in how they set Access-Control-Request-Headers. For example, Chrome currently includes “origin”. FireFox does not include standard headers such as “Accept”, even when the application sets them in script.
If you set headers to anything other than “*”, you should include at least “accept”, “content-type”, and “origin”, plus any custom headers that you want to support.
Answer is correct as it aligns with this explanation, but it could also have been
value=”*”
name=”Access-Control-Allow-Methods”
name=”Access-Control-Allow-Headers”
value=”*”
1
0