http.sys - Enable CORS for Reporting Services

Question

I need to enable CORS in Reporting Services so that I can download reports from my web application using ajax. What I've learned so far is, that SSRS is no longer using IIS, but http.sys to serve web.requests. Is there a simple way to add CORS support to SSRS (2012)?

Answer 1

I managed to get this working by adding the following code to the global.asax in reportserver directory.

<%@ Application Inherits="Microsoft.ReportingServices.WebServer.Global"  %>
<%@ Import namespace="System.Web" %>
<%@ Import namespace="System.Security" %>

<script runat="server">
private static bool init;
private static object lockObject = new object();

void Application_BeginRequest(object sender, EventArgs e)
{
    lock(lockObject)
    {
        if (!init)
        {
            HttpContext context = HttpContext.Current;
            HttpResponse response = context.Response;
            string allow = @"Access-Control-Allow-Origin";

            // enable CORS
            response.AddHeader(allow, "http://yoursourcedomain.com");
            response.AddHeader(@"X-Frame-Options", "ALLOW-FROM http://yoursourcedomain.com");
            response.AddHeader(@"Access-Control-Allow-Credentials", "true");

            if (context.Request.HttpMethod == "OPTIONS")
            {
                response.AddHeader(@"Access-Control-Allow-Methods", "GET, POST");
                response.AddHeader(@"Access-Control-Allow-Headers", "Content-Type, Accept, Authorization");
                response.AddHeader(@"Access-Control-Max-Age", "1728000");
                response.StatusCode = 200;
                response.End();
                HttpApplication httpApplication = (HttpApplication)sender;
                httpApplication.CompleteRequest();
            }
            init = true;
        }
        else
        {
            init = false;
        }
    }
}
</script>

HTH cheers Dave