Microsoft.AspNet.WebApi.Cors nuget package
WebApiConfiguration
Register
//EnableCorsAttribute cors = new EnableCorsAttribute("http:site1.com,http://example.com","headers","GET,POST")
// "*" for everything
EnableCorsAttribute cors = new EnableCorsAttribute("*","*","*")
config.EnableCors(cors)
Can also use
[EnableCors("*","*","*")]
[EnableCors(origins: "*", headers: "*", methods: "*", exposedHeaders: "Lmao, X-Lmao, Server, Content-Length, X-Custom-Header")]
[DisableCors]
individually on controllers and actions