
How To Enable Cross-Domain Requests in Xenarius Simulator

Desktop web browsers restrict cross-domain service requests. For example, your web browser will limit requests from to if the doesn’t provide special headers that explicitly allow requests from These headers are called CORS headers.

Since Xenarius Simulator is a web application running in your browser, you need to allow cross-domain requests from domain. The problem affects the Simulator app only. Packaged and deployed apps won’t have this problem.

There are two ways to enable cross-domain requests during development:

  • Install the Allow-Control-Allow-Origin:* extension that enables cross-domain requests in Chrome. To turn the extension on/off, click the extension icon.

  • Change your service to support CORS headers and allow cross-domain requests from This doesn’t affect the web service’s security and solves the problem in all browsers.

If you can change your web service, here are step-by-step guides on how to enable CORS:

Note that if a service uses cookies, the browser will prevent Xenarius from setting cookies when an application running in the Simulator starts connecting to the server. An icon at the end of the address bar will say “This page was prevented from setting cookies”. You have to allow to set cookies and click Done.

Allow Xenarius to set cookies

CORS for ASP.NET Services

To access ASP.NET services across domains, you can enable CORS globally across the API. To do this, add the Microsoft.AspNet.WebApi.Cors NuGet package to your project and add the following code to the WebApiConfig.Register or Application_Start methods.

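using System.Web.Http;
using System.Web.Http.Cors;

public static void Register(HttpConfiguration config) {
    // The first argument is the comma-separated list of allowed origins
    var corsAttr = new EnableCorsAttribute(",", "*", "*");
    corsAttr.SupportsCredentials = true;    // If your service uses cookie-based authentication
    config.EnableCors(corsAttr);
}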

CORS for WCF Services

To enable CORS for WCF services, create a class that adds CORS headers to responses. Below is sample code. Note that the provided code opens access to the resource for all domains. To provide access to the resource only for a required domain, you need to add the corresponding check to the code.

using System;
using System.Web;

static class CorsSupport {

        public static void HandlePreflightRequest(HttpContext context) {
            var req = context.Request;
            var res = context.Response;
            var origin = req.Headers["Origin"];

            if (!String.IsNullOrEmpty(origin)) {

                // Here you can check if a certain domain makes requests

                res.AddHeader("Access-Control-Allow-Origin", origin);
                res.AddHeader("Access-Control-Allow-Credentials", "true");

                var methods = req.Headers["Access-Control-Request-Method"];
                var headers = req.Headers["Access-Control-Request-Headers"];

                if (!String.IsNullOrEmpty(methods))
                    res.AddHeader("Access-Control-Allow-Methods", methods);

                if (!String.IsNullOrEmpty(headers))
                    res.AddHeader("Access-Control-Allow-Headers", headers);

                if (req.HttpMethod == "OPTIONS") {
                    // A preflight request has no body: answer 204 and stop processing
                    res.StatusCode = 204;
                    res.End();
                }
            }
        }
}

Then, add the Application_BeginRequest method to the global.asax.cs file:

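public class Global : System.Web.HttpApplication {

        protected void Application_BeginRequest(object sender, EventArgs e) {
            // Add CORS headers (and answer preflight requests) before the service runs
            CorsSupport.HandlePreflightRequest(System.Web.HttpContext.Current);
        }
}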

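One way to add the origin check mentioned above, as an added example that is not Xenarius code: the handler sends CORS headers only to origins on an exact-match allowlist. The class name CorsSupportRestricted, the IsAllowedOrigin helper and the origin https://simulator.example are placeholders introduced for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

static class CorsSupportRestricted {
    // Placeholder origin: replace with the exact scheme://host[:port] of the
    // page that is allowed to call the service.
    static readonly HashSet<string> AllowedOrigins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) {
            "https://simulator.example"
        };

    // Whole-string comparison only. Prefix, suffix or substring matching would
    // also accept look-alike hosts such as https://simulator.example.evil.test.
    public static bool IsAllowedOrigin(string origin) {
        return !String.IsNullOrEmpty(origin) && AllowedOrigins.Contains(origin);
    }

    public static void HandlePreflightRequest(HttpContext context) {
        var req = context.Request;
        var res = context.Response;
        var origin = req.Headers["Origin"];

        // The response now depends on the Origin header, so caches must key on it.
        res.AppendHeader("Vary", "Origin");

        // Unlisted or missing origin: send no CORS headers. The browser then
        // refuses to expose the response to the calling page. The request itself
        // still reaches the service, so authorization must not rely on this check.
        if (!IsAllowedOrigin(origin))
            return;

        res.AddHeader("Access-Control-Allow-Origin", origin);
        res.AddHeader("Access-Control-Allow-Credentials", "true");

        var methods = req.Headers["Access-Control-Request-Method"];
        var headers = req.Headers["Access-Control-Request-Headers"];
        if (!String.IsNullOrEmpty(methods))
            res.AddHeader("Access-Control-Allow-Methods", methods);
        if (!String.IsNullOrEmpty(headers))
            res.AddHeader("Access-Control-Allow-Headers", headers);

        if (req.HttpMethod == "OPTIONS") {
            res.StatusCode = 204;
            res.End();
        }
    }
}
```

To use it, call CorsSupportRestricted.HandlePreflightRequest from Application_BeginRequest in place of CorsSupport.HandlePreflightRequest.
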
Enabling CORS Using web.config

If a service does not require authorization, you can enable CORS by using web.config. To allow any origin to make requests to the Web API, add the Access-Control-Allow-Origin header and set its value to an asterisk.

      <add name="Access-Control-Allow-Origin" value="*" />

In this way, you can enable CORS for ASP.NET services as well as for WCF services.