Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

ASP.NET 5: Access-Control-Allow-Origin in response

Tags:

c#

cors

asp.net-core

asp.net-core-mvc

azure-web-app-service

From what I understand, when enabled CORS accordingly, the response model should include the following header information (provided that I want to allow everything):

Access-Control-Allow-Origin: *
Access-Control-Allow-Method: *
Access-Control-Allow-Header: *

Enabling it in Startup:

public void ConfigureServices(IServiceCollection services)
{
    //...
    services.AddCors();
    services.ConfigureCors(options => 
    {
        options.AddPolicy("AllowAll", p => p.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials());
    });
    //...
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    //...
    app.UseCors("AllowAll");
    //...
}

The problem is that none of these headers are returned and I get the following error when trying to request from the API:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.

like image 368
Dave New Avatar asked Dec 03 '15 12:12

Dave New

2 Answers

Make sure you add app.UseCors before app.UseMvc in your Startup.Configure method, because you need the CORS middleware to be applied before the MVC middleware. 

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    ...

    //Add CORS middleware before MVC
    app.UseCors("AllowAll");

    app.UseMvc(...);
}

Otherwise the request will be finished before the CORS middleware is applied. This is because UseMvc calls UseRouter which ends up adding the RouterMiddleware, and this middleware only executes the next configured middleware when a route handler wasn't found for the request.

like image 108
Daniel J.G. Avatar answered Oct 11 '22 14:10

Daniel J.G.

In .Net Core Web API 5.0 in Configure method you have to add app.UseCors before other methods, like that:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        ...
    }

    //add CORS
    app.UseCors();

    app.UseHttpsRedirection();

    app.UseRouting();

    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
    });
}
like image 22
Kacper Adamiak Avatar answered Oct 11 '22 13:10

Kacper Adamiak
Sign in to Comment

Related questions

How to search and replace exact matching strings only
Ninject + MVC3 is not injecting into controller
"Not Responding" in window title when running in new process
Why does this variable need to be set to null after the object is disposed?
Linq - How to select items from a list that contains only items of another list?
Pad Left & Pad Right (Pad Center) String
How to include null properties during xml serialization
How to lock a object when using load balancing
Lock only if value is same?
How to call a method overload based on closed generic type?
How do I convert DateTime to yyyy-mm-ddT00:00:00.000Z format in C#?
PDFsharp word wrap
WPF how to make textbox lose focus after hitting enter
increase text box size bootstrap (ASP.NET MVC)
HttpClient does not serialize XML correctly
How do I select correct DbSet in DbContext based on table name
Breaking from a loop with button click - C#
Dynamically Add Fields to Razor Form
Whole word search in LINQ
async/await in MVC controller's action

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!