
ASP.NET CORS blocking font request

I built an ASP.NET Web API service and enabled CORS in that service. This service is used for serving report template resources (HTML, image, CSS, font). The web client loads the template and displays the report based on the downloaded template.

So, given the service endpoint: http://templates.domain.com, and I try to access the service (REST, Image, Font) from a web app (http://client.domain.com), then the web client app will load:

  • http://templates.domain.com/templates/:templateName
  • http://templates.domain.com/templates/:templateName/css/style.css
  • http://templates.domain.com/templates/:templateName/image/header.jpg
  • http://templates.domain.com/templates/:templateName/font/test.ttf

In the above, the REST API, CSS, and images from the service are working well, but the font is blocked/failed.

Font from origin 'http://localhost:49350' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null'

So far, I've tried the solutions below, but the font is still blocked.

  1. Microsoft.Owin.Cors:

    app.UseCors(CorsOptions.AllowAll);

  2. Microsoft.AspNet.WebApi.Cors:

    var cors = new EnableCorsAttribute("*", "*", "*");
    config.EnableCors(cors);

Adi Sembiring asked Sep 11 '15 09:09


1 Answer

Are you using OWIN or WebAPI?

For an AspNet WebAPI the following would allow everything through:

    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>

It is important to point out that allowing "*" is a potential security vulnerability as you are saying anyone from anywhere can invoke these methods.

Oliver answered Oct 03 '22 20:10
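The answer's caution about "*" applied to the two APIs tried in the question, as an added example that is not part of the original question or answer: the same CORS setup restricted to the single client origin. The class name `TemplateCors`, its method names, and the choice to allow only `GET` are assumptions made for illustration; use whichever option matches the hosting model, not both.

```csharp
using System.Threading.Tasks;
using System.Web.Cors;        // CorsPolicy
using System.Web.Http;        // HttpConfiguration, EnableCors extension
using System.Web.Http.Cors;   // EnableCorsAttribute (Microsoft.AspNet.WebApi.Cors)
using Microsoft.Owin.Cors;    // CorsOptions, CorsPolicyProvider (Microsoft.Owin.Cors)
using Owin;                   // IAppBuilder, UseCors extension

// Hypothetical helper class, not from the original page.
public static class TemplateCors
{
    // Assumption: the report client named in the question is the only origin
    // that needs to read templates cross-origin. No trailing slash.
    public const string ClientOrigin = "http://client.domain.com";

    // Option 1, OWIN pipeline: use instead of app.UseCors(CorsOptions.AllowAll).
    public static void UseRestrictedCors(IAppBuilder app)
    {
        var policy = new CorsPolicy
        {
            AllowAnyOrigin = false,
            AllowAnyHeader = true,
            AllowAnyMethod = false,
            SupportsCredentials = false
        };
        policy.Origins.Add(ClientOrigin);
        // Assumption: templates, CSS, images and fonts are only ever read.
        policy.Methods.Add("GET");

        app.UseCors(new CorsOptions
        {
            PolicyProvider = new CorsPolicyProvider
            {
                // The same policy is returned for every request; the CORS engine
                // compares the request's Origin header against policy.Origins.
                PolicyResolver = request => Task.FromResult(policy)
            }
        });
    }

    // Option 2, Web API: use instead of new EnableCorsAttribute("*", "*", "*").
    public static void EnableRestrictedCors(HttpConfiguration config)
    {
        // Arguments are (origins, headers, methods).
        var cors = new EnableCorsAttribute(ClientOrigin, "*", "GET");
        config.EnableCors(cors);
    }
}
```

With either option, a request from any other origin receives no `Access-Control-Allow-Origin` header, so the browser refuses to expose the response to that page.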