We must keep HTTP OPTIONS enabled in IIS to allow Cross-origin requests from the browser. We use this technique in TMAC UI to support HA.
If we can disable this then below is the approach,
Description:
Steps to disable this is as below,
- Open IIS Manager.
- Select the Website for which this must be disabled.
- Double click on option “Request Filtering”.
- Select the HTTP Verbs tab.
- From Actions pane, select “Deny Verb”.
- Insert “OPTIONS” in the Verb and then press OK to save changes.