Menu
We are working on application that has mobile part and web UI. The web UI uses angular and we have problems configuring the cors on the backend. Our code looks like this (just the code important to our problem):
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
app.UseCors("AllowAll");
app.UseMvc();
}
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
//Add Cors support to the service
services.AddCors(
options => options.AddPolicy(
"AllowAll", p => p.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials()
)
);
}
From the documentatiaon and other post on stackoverflow this should work, but not. What have we missed?
thnx
EDIT:
This is the request from POSTMAN:
curl 'https://guw.azurewebsites.net/api/token' -X OPTIONS -H 'Pragma: no-cache' -H 'Access-Control-Request-Method: POST' -H 'Origin: http://localhost:9000' -H 'Accept-Encoding: gzip, deflate, sdch, br' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36' -H 'Accept: /' -H 'Cache-Control: no-cache' -H 'Referer: http://localhost:9000/' -H 'Connection: keep-alive' -H 'Access-Control-Request-Headers: accept, authorization, content-type' --compressed
You can import this in postman and have a look on it. This request is sent by angular app.
Hope this helps.
At the end I decided to add in my middleware this method:
private void AddCors(HttpContext context)
{
context.Response.Headers.Add("Access-Control-Allow-Headers",
new string[] { "Authorization", "Content-Type" });
context.Response.Headers.Add("Access-Control-Allow-Methods",
new string[] { "OPTIONS", "POST", "GET", "DELETE", "PUT" });
IEnumerable<string> allowedUrls = new List<string>()
{
"http://localhost:8100",
"http://localhost:9000"
};
if (allowedUrls.Count() > 0)
{
foreach(string x in allowedUrls)
{
var origin = context.Request.Headers.FirstOrDefault(
key => key.Key == "Origin");
var found = x.ToLower() == origin.Value.ToString().ToLower();
if (found)
{
context.Response.Headers.Add("Access-Control-Allow-Origin",
new string[] { origin.Value });
}
}
}
return;
}
EDIT:
This was good, but in the logic it not worked as I needed, so I ended up with this in my middleware class, and this works fine:
// Add CORS to every response
context.Response.Headers.Add("Access-Control-Allow-Headers",
new string[] { "Authorization", "Content-Type" });
context.Response.Headers.Add("Access-Control-Allow-Methods",
new string[] { "OPTIONS", "POST", "GET", "DELETE", "PUT" });
context.Response.Headers.Add("Access-Control-Allow-Origin", "*");
if (context.Request.Method.Equals("OPTIONS", StringComparison.Ordinal))
{
context.Response.StatusCode = 204;
return _next(context);
}
thx
976
In my application (which has angular2 as frontend), I am doing it following way-
app.UseCors(builder => {
builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();
});
Refer this for more information - https://docs.asp.net/en/latest/security/cors.html
See if this helps.
165
You should read the following article to get a good understanding of how Cors can be used in ASP.NET 5.
https://docs.asp.net/en/latest/security/cors.html
Basically UseCors registers a Cors middleware to handle Cors related requests. But you actually need NOT register it in your case as MVC has built-in components (filters) which take care of it in a similar fashion. The Cors middleware is useful in scenarios where you do not want to use MVC.
So for you scenario, remove the UseCors registration and if you take a look at the above link, you can see that to enable global Cors policy, you can do something like below:
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new CorsAuthorizationFilterFactory("AllowAll"));
});
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
