I'm getting the following error in Chrome:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseIISPlatformHandler();
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseCors(policy => policy
.WithOrigins("http://localhost:9000")
.AllowAnyMethod()
.WithHeaders("Access-Control-Allow-Origin, Content-Type, x-xsrf-token, Authorization")
.AllowCredentials());
app.UseMvc();
}
According to chrome there is not a single header being added to the response.
What is the correct way to add the access-control-allow-origin
header to a options response in Asp.NET 5?
Simply add a header to your HttpServletResponse by calling addHeader : response. addHeader("Access-Control-Allow-Origin", "*");
If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard. You should only use this for public APIs.
Consider that Google Chrome has an issue which does not support localhost to go through the Access-Control-Allow-Origin.
In your code, you have enabled CORS with the AddCors
and UseCors
methods in Configure
method, please make sure you've followed the instructions available in Specifying a CORS Policy (which is used in ConfigureServices
method) and How to enable CORS in ASP.NET 5
You can also simply write an Action Filter for plain Asp.net MVC controller.
Microsoft.AspNet.WebApi.Cors
: use it to enable the CORS request
ONLY for the Web APIs.Microsoft.AspNet.Cors
: Use it to enable CORS for MVC controllers.Microsoft.Owin.Cors
: Use it to enable CORS for all cross-origins
requests coming to your site, for example, when you you want to
enable CORS for both Web API and SignalR.If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With