Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to enable CORS globally in ASP.NET web API core

Tags:

c#

asp.net

asp.net-core

asp.net-web-api

asp.net-web-api2

I found this site:

https://docs.microsoft.com/en-us/aspnet/core/security/cors

However I am confused in how to enable it globally, because it seems there are 2 ways to do it, whats the difference between these 2 ways? or they do 2 different things?

public IConfigurationRoot Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            //https://docs.microsoft.com/en-us/aspnet/core/security/cors
            services.AddCors(options =>
            {
                options.AddPolicy("AllowSpecificOrigin",
                    builder => builder.WithOrigins("http://example.com")
                                        .AllowAnyHeader()
                    );
            });

            services.Configure<MvcOptions>(options =>
            {
                options.Filters.Add(new CorsAuthorizationFilterFactory("AllowSpecificOrigin"));
            });

            // Add framework services.
            services.AddMvc();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            loggerFactory.AddConsole(Configuration.GetSection("Logging"));
            loggerFactory.AddDebug();

            app.UseCors("AllowSpecificOrigin");

            app.UseMvc();
        }
like image 310
Luis Valencia Avatar asked Mar 14 '17 20:03

Luis Valencia

People also ask

How do I add a CORS policy to .NET core?

Enabling CORS in ASP.NET Core with Attributes We can use just the [EnableCors] attribute on top of the controller or the action, and it will implement a default CORS policy. Or we can use the [EnableCors("Policy name")] attribute, to apply a named CORS policy.

1 Answers

The calls in the ConfigureServices just adds Cors services, not set it up (including creating hte policy). By adding the filter you're making it global, but I understand that the UseCors (in Configure) is the preferred way to add it globally. All that the Filter code does is force the attribute on all controllers, and the UseCors effectively does the same thing, just in a different part of the stack. I believe the UseCors will do it for more than just MVC calls which is why it's different.

like image 118
Shawn Wildermuth Avatar answered Oct 10 '22 21:10

Shawn Wildermuth
Sign in to Comment

Related questions

When Are Static Classes In .NET Loaded Into Memory?
C# OAuth batch multipart content response, how to get all the contents not as string objects
How to determine if Copy Local is necessary
Entity Framework adding multiple related entities with single insert
The entity type 'Configuration' requires a primary key to be defined
Can't write an expression-bodied function member
how to configure EmguCV and Visual Studio Express 2010 in Win8.1x64
What is a state machine in terms of JavaScript promises and C# asyc-await?
ASP.NET Core 1.1 can't Publish App
How to safely get localized string in Web Api Controllers?
Wrapping a non async-method (which does web calls) into async
Can DbContext be composed instead of inherited?
AutoFixture+Moq - Freezing a mocked class prevent from setup
Visual Studio 2017 doesn't show tooltip on debugger
UWP Background Task not running after 5 times
Visual Studio 2017 cshtml file errors
How to run XUnit test using data from a CSV file
async await for a single task at a time
Forwarding message with TLSharp library (C#)
find the overlapping points of two series in devexpress chart

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!