Redirecting to subdomain from WebAPI controller - CORS required?

Question

Currently, my WebAPI controller does this:

var newUrl = _adminService.Foo(bar);
return Request.CreateResponse(HttpStatusCode.OK, newUrl);

So the client receives a string, and then sets window.location with javascript.

This seems like a hacky way to redirect via WebAPI. I found this post:

Redirect from asp.net web api post action

Which I've implemented:

var newUrl = _adminService.Foo(bar);
var response = Request.CreateResponse(HttpStatusCode.Moved);
response.Headers.Location = new Uri(newUrl);
return response;

But now I get the following error in chrome (when navigating from localhost to the subdomain):

XMLHttpRequest cannot load http://test.localhost:3806/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3806' is therefore not allowed access.  

Do I need to configure CORS for this?

Answer 1

Do I need to configure CORS for this?

Yes, you do need if your javascript is hosted on a different domain than your Web API.

Answer 2

Yep, you have to use CORS but not all browser support it.

here there is a compatibility table and here some Restrictions, Limitations and Workarounds for IE 8/9