I need to enable CORS in Reporting Services so that I can download reports from my web application using ajax. What I've learned so far is, that SSRS is no longer using IIS, but http.sys to serve web.requests. Is there a simple way to add CORS support to SSRS (2012)?
I managed to get this working by adding the following code to the global.asax in reportserver directory.
<%@ Application Inherits="Microsoft.ReportingServices.WebServer.Global" %>
<%@ Import namespace="System.Web" %>
<%@ Import namespace="System.Security" %>
<script runat="server">
private static bool init;
private static object lockObject = new object();
void Application_BeginRequest(object sender, EventArgs e)
{
lock(lockObject)
{
if (!init)
{
HttpContext context = HttpContext.Current;
HttpResponse response = context.Response;
string allow = @"Access-Control-Allow-Origin";
// enable CORS
response.AddHeader(allow, "http://yoursourcedomain.com");
response.AddHeader(@"X-Frame-Options", "ALLOW-FROM http://yoursourcedomain.com");
response.AddHeader(@"Access-Control-Allow-Credentials", "true");
if (context.Request.HttpMethod == "OPTIONS")
{
response.AddHeader(@"Access-Control-Allow-Methods", "GET, POST");
response.AddHeader(@"Access-Control-Allow-Headers", "Content-Type, Accept, Authorization");
response.AddHeader(@"Access-Control-Max-Age", "1728000");
response.StatusCode = 200;
response.End();
HttpApplication httpApplication = (HttpApplication)sender;
httpApplication.CompleteRequest();
}
init = true;
}
else
{
init = false;
}
}
}
</script>
HTH cheers Dave