While developing an adal.js app with OData in IISExpress, I'm getting the following error:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://localhost:44315' is therefore not allowed access
Turns out the problem is that I needed to include the CORS package from Microsoft:
Once that's in there, I also need to enable CORS using the 'EnableCors' extension method on my HttpConfiguration.