.NET backend: CORS headers set by mapservice should be optional

[maan002]

Is your feature request related to a problem? Please describe.
The .NET Backend is designed to always set and return CORS headers to the client using C# code. In simple installations this might be what you want. In more advanced installations you really want to do this by installing and using the IIS CORS Module, not by application code.

To get the same functionality using the CORS Module you have to add 3-5 lines in Web.config.

<system.webServer>
  <cors enabled="true">
    <add origin="*" />
  </cors>
</system.webServer>

Example of C# code is found in the AllowCrossSiteJsonAttribute.cs file and the ExportController.cs file, function [HttpOptions] PDF.

There is a risk that headers set by the application will interfer with the headers set by the CORS Module.

Describe the solution you'd like
Add a compiler setting that will remove the CORS code from the .NET Backend if enabled.
The compiler setting should default to keep the CORS code.

Describe alternatives you've considered
Remove the CORS code altogether, but this might break existing installations.

Additional context

[jacobwod]

Looks like #199 that I created and then closed as stale after some time (there was no consensus about it at that time, some people really wanted it to stay the way it works). Here's some abstract from my original issue:

Mapservice should not assume that CORS will be needed. It should be left to the system administrator to decide, and when necessary, CORS headers are easily added in Web.config.

Thumbs up from me, even if we don't use this backend it looks as the correct behaviour (that's how it works in the NodeJS backend too). But make sure to ask the question so everyone gets a saying in this one as it will break existing setups without necessary changes in Web.config.