
CORS in .NET Core

I am trying to enable CORS in .NET Core in this way:

    public IConfigurationRoot Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddCors(options => options.AddPolicy("AllowAll", p => p.AllowAnyOrigin()
                                                                        .AllowAnyMethod()
                                                                        .AllowAnyHeader()));

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseCors("AllowAll");

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }
    }

However, when I am sending a request to my app with Angular 2 I am getting the famous

"No 'Access-Control-Allow-Origin' header is present on the requested resource."

error message.

I am also using Windows Authentication + WebListener. If I check with Postman, the only response headers are:

    Content-Length →3533
    Content-Type →application/json; charset=utf-8
    Date →Fri, 14 Oct 2016 12:17:57 GMT
    Server →Microsoft-HTTPAPI/2.0

So something must still be configured wrong. Any proposals?

If I remove the commented-out line it works, but I need Windows Authentication :-(

    var host = new WebHostBuilder()
        .UseWebListener()
        .UseContentRoot(Directory.GetCurrentDirectory())
        .UseIISIntegration()
        .UseStartup<Startup>()
        //.UseWebListener(options => options.Listener.AuthenticationManager.AuthenticationSchemes = AuthenticationSchemes.NTLM)
        .Build();
David asked Oct 14 '16 12:10




1 Answer

Assume you have the answer, but for the benefit of searchers, I had the same problem with the standard tutorial on .NET Core Cors.

One of the many errors encountered:

XMLHttpRequest cannot load localhost:64633/api/blogs. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'localhost:56573' is therefore not allowed access. The response had HTTP status code 500.

After playing around, the following code worked. Full class posted below to aid understanding of what goes where.

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Extensions.Logging;
    using Microsoft.EntityFrameworkCore;
    using Microsoft.AspNetCore.Cors.Infrastructure;

    namespace NetCoreWebApiTesting
    {
        public class Startup
        {
            public Startup(IHostingEnvironment env)
            {
                var builder = new ConfigurationBuilder()
                    .SetBasePath(env.ContentRootPath)
                    .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
                    .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true);

                if (env.IsEnvironment("Development"))
                {
                    // This will push telemetry data through Application Insights pipeline faster, allowing you to view results immediately.
                    builder.AddApplicationInsightsSettings(developerMode: true);
                }

                builder.AddEnvironmentVariables();
                Configuration = builder.Build();
            }

            public IConfigurationRoot Configuration { get; }

            // This method gets called by the runtime. Use this method to add services to the container
            public void ConfigureServices(IServiceCollection services)
            {
                // Add framework services.
                services.AddApplicationInsightsTelemetry(Configuration);

                services.AddMvc().AddJsonOptions(options => options.SerializerSettings.ReferenceLoopHandling =
                                                                Newtonsoft.Json.ReferenceLoopHandling.Ignore);

                // ********************
                // Setup CORS
                // ********************
                var corsBuilder = new CorsPolicyBuilder();
                corsBuilder.AllowAnyHeader();
                corsBuilder.AllowAnyMethod();
                corsBuilder.AllowAnyOrigin(); // For anyone access.
                //corsBuilder.WithOrigins("http://localhost:56573"); // for a specific url. Don't add a forward slash on the end!
                corsBuilder.AllowCredentials();

                services.AddCors(options =>
                {
                    options.AddPolicy("SiteCorsPolicy", corsBuilder.Build());
                });
            }

            // This method gets called by the runtime. Use this method to configure the HTTP request pipeline
            public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
            {
                loggerFactory.AddConsole(Configuration.GetSection("Logging"));
                loggerFactory.AddDebug();

                app.UseApplicationInsightsRequestTelemetry();

                app.UseApplicationInsightsExceptionTelemetry();

                app.UseMvc();

                // ********************
                // USE CORS - might not be required.
                // ********************
                app.UseCors("SiteCorsPolicy");
            }
        }
    }

To use it you can add the EnableCorsAttribute either on the controller or on the method. e.g.

    [EnableCors("SiteCorsPolicy")]
    [Route("api/[controller]")]
    public class BlogsController : Controller
    {

    }

or

    // POST api/value
    [EnableCors("SiteCorsPolicy")]
    [HttpPost]
    public HttpResponseMessage Post([FromBody]Blog value)
    {
        // Do something with the blog here....

        var msg = new HttpResponseMessage(System.Net.HttpStatusCode.OK);
        return msg;
    }

When I called this using the following code (using standard js/jQuery for ease of copy and paste), the communication stopped being rejected.

    function HandleClick() {

        var entityData = {
            "blogId": 2,
            "url": "http://blog.com/blog1",
            "posts": [
            {
                "postId": 3,
                "title": "Post 1-1",
                "content": "This is post 1 for blog 1",
                "blogId": 2
            },
            {
                "postId": 4,
                "title": "Post 1-2",
                "content": "This is post 2 for blog 1",
                "blogId": 2
            }
            ]
        };

        $.ajax({
            type: "POST",
            url: "http://localhost:64633/api/blogs",
            async: true,
            cache: false,
            crossDomain: true,
            data: JSON.stringify(entityData),
            contentType: "application/json; charset=utf-8",
            dataType: "json",
            success: function (responseData, textStatus, jqXHR) {
                var value = responseData;
            },
            error: function (responseData, textStatus, errorThrown) {
                alert('POST failed.');
            }
        });
    }
JsAndDotNet answered Sep 18 '22 15:09
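
As an added example (not code from either post), the sketch below reimplements the browser's CORS check from the Fetch standard in simplified form and runs it over the responses this thread describes. A cross-origin request that has to carry Windows Authentication credentials runs in credentials mode `include`, so it needs a pinned origin (as in the answer's commented-out `WithOrigins` line) plus `Access-Control-Allow-Credentials: true`, and a bare `*` is rejected. The function names and the `WILDCARD` and `PINNED` header maps are assumptions made for the illustration.

```javascript
// Added example: simplified browser-side CORS check from the Fetch standard.
// Header maps use lowercase names. WILDCARD and PINNED are constructed
// samples; POSTMAN_HEADERS mirrors the response shown in the question.
const ORIGIN = "http://localhost:56573";

function corsCheck(origin, credentialsMode, headers) {
  const allowOrigin = headers["access-control-allow-origin"];
  const withCredentials = credentialsMode === "include";
  if (allowOrigin === undefined) {
    return { ok: false, reason: "no Access-Control-Allow-Origin header" };
  }
  if (allowOrigin === "*") {
    return withCredentials
      ? { ok: false, reason: "wildcard origin is not accepted with credentials" }
      : { ok: true, reason: "wildcard origin, no credentials" };
  }
  if (allowOrigin !== origin) {
    return { ok: false, reason: "origin mismatch" };
  }
  if (withCredentials && headers["access-control-allow-credentials"] !== "true") {
    return { ok: false, reason: "Access-Control-Allow-Credentials is not true" };
  }
  return { ok: true, reason: "origin allowed" };
}

// A preflight (OPTIONS) response must also carry a 2xx status.
function preflightCheck(origin, credentialsMode, status, headers) {
  if (status < 200 || status > 299) {
    return { ok: false, reason: "preflight status " + status };
  }
  return corsCheck(origin, credentialsMode, headers);
}

const POSTMAN_HEADERS = {
  "content-length": "3533",
  "content-type": "application/json; charset=utf-8",
  "server": "Microsoft-HTTPAPI/2.0",
};
const WILDCARD = { "access-control-allow-origin": "*" };
const PINNED = {
  "access-control-allow-origin": ORIGIN,
  "access-control-allow-credentials": "true",
};

console.log(corsCheck(ORIGIN, "include", POSTMAN_HEADERS)); // question's response
console.log(preflightCheck(ORIGIN, "include", 500, {}));    // answer's 500 preflight
console.log(corsCheck(ORIGIN, "include", WILDCARD));
console.log(corsCheck(ORIGIN, "include", PINNED));
```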