Hi
I recently updated our Kentico website from 12.0.77 to 12.0.101 because there was a bug that was solved in a later hotfix.
I noticed that after this (well, I assume that this caused it) API calls are not processed correctly anymore, resulting in CORS issues. There is a front-end app (Angular) that does API calls to the MVC website (with latest K12 path). In the MVC website there is a Global.asax.cs file with Application_BeginRequest() to allow certain methods, headers and origins. This all worked until now.
The preflight request (Method: OPTIONS) is not entering the Application_BeginRequest() method anymore and the wrong response headers are returned, resulting in CORS issues. I added the access-control-allow-xxx headers in the web.config directly and to my surprise the preflight request now had the control-allow-xxx response headers 2 times! So something is interfering with setting the response headers.
I noticed that when I comment out the following line in my web.config: <!--<add name="CMSApplicationModule" preCondition="managedHandler" type="CMS.Base.ApplicationModule, CMS.Base" />-->
I don't have the double response headers and the preflight request is returning the correct response headers from my Application_BeginRequest(), so it is entering it as expected. However, removing this module breaks the website, so not really an option...
Side note: I have this issue only on my local environment (IIS Express); on Azure Web Apps the requests are processed correctly.
So I don't understand what is causing these incorrect response headers. It seems to be set by the module CMSApplicationModule, but that would be weird? Any ideas on how to fix this?
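Added example, not part of the original post: a small JavaScript check that parses a raw preflight response and flags repeated Access-Control-* headers, the symptom described above. The sample response, the origin https://app.example.test and the function names are constructed for illustration.

```javascript
// SAMPLE_RESPONSE is constructed: it mimics a preflight answer where the same
// CORS headers were emitted twice (e.g. once by code and once by configuration).
const SAMPLE_RESPONSE = [
  'HTTP/1.1 200 OK',
  'Access-Control-Allow-Origin: https://app.example.test',
  'Access-Control-Allow-Methods: GET, POST, OPTIONS',
  'Access-Control-Allow-Headers: Content-Type, Authorization',
  'Access-Control-Allow-Origin: https://app.example.test',
  'Access-Control-Allow-Methods: GET, POST, OPTIONS',
  'Content-Length: 0',
  '', ''
].join('\r\n');

// Collect every occurrence of each header under its lower-cased name.
function parseHeaders(raw) {
  const headers = new Map();
  const head = raw.split(/\r?\n\r?\n/)[0];
  for (const line of head.split(/\r?\n/).slice(1)) { // slice(1) skips the status line
    const idx = line.indexOf(':');
    if (idx <= 0) continue;
    const name = line.slice(0, idx).trim().toLowerCase();
    if (!headers.has(name)) headers.set(name, []);
    headers.get(name).push(line.slice(idx + 1).trim());
  }
  return headers;
}

// Return a list of findings for a preflight response to `requestOrigin`.
function auditPreflight(raw, requestOrigin) {
  const headers = parseHeaders(raw);
  const findings = [];
  for (const [name, values] of headers) {
    if (name.startsWith('access-control-') && values.length > 1) {
      findings.push(`duplicate ${name} (${values.length} occurrences)`);
    }
  }
  const origins = (headers.get('access-control-allow-origin') || [])
    .flatMap(v => v.split(',')).map(v => v.trim());
  if (origins.length === 0) {
    findings.push('missing access-control-allow-origin');
  } else if (origins.length > 1) {
    // Browsers fail the CORS check when this header carries more than one value.
    findings.push('access-control-allow-origin has multiple values');
  } else if (origins[0] !== '*' && origins[0] !== requestOrigin) {
    findings.push('access-control-allow-origin does not match the request origin');
  }
  return findings;
}

console.log(auditPreflight(SAMPLE_RESPONSE, 'https://app.example.test'));
```

Paste the raw response headers captured from the browser's network tab or a proxy in place of SAMPLE_RESPONSE to compare the IIS Express and Azure responses.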