Adding CORS support to the deprecated soap.net service asp.net

To allow developers to connect to the development server, I would like to enable CORS. On the development server, I added the following web.config parameters:

   <add name="Access-Control-Allow-Origin" value="http://localhost:3000" />
   <add name="Access-Control-Allow-Methods" value="GET, POST, OPTIONS" />
   <add name="Access-Control-Allow-Headers" value="Content-Type" />
   <add name="Access-Control-Allow-Credentials" value="true" />

      

        
        
        
      

    

When I hit ASMX and WSDL (for example /SomeService.asmx?WSDL

) I see headers. However, when the client library that my development partners are using hits the service, it immediately makes a request OPTIONS

against the target method:

OPTIONS /SomeService.asmx/GetAll HTTP/1.1
etc.

      

        
        
        
      

    

Again, the corresponding CORS headers are present, but the server gives a 500 status code and no subsequent real request is raised. The same error occurs if a OPTIONS

verb is used instead of a request GET

.

I apparently need to handle requests not POST

in my soap service (in particular OPTIONS

). But I don't even know where to start. I tried to add this to the web config:

<webServices>
  <protocols>
    <add name="HttpGet" />
    <add name="HttpPost" />
  </protocols>
</webServices>

      

        
        
        
      

    

And it allows GET

requests to go through; but they are treated as if they were complete POST

s, and OPTIONS

still fails.

Is there an easy way to handle custom and / or OPTIONS

verbs in the legacy, asp.net (.net 3.5) ASMX / SOAP service? Or, is there a faster way to give client side developers access to development server services?