How to fix "The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time" error

Question

I've already enabled CORS on the project in C# .net Core

In startup.cs I've added lines

... services.AddCors(); ... app.UseCors(builder => builder     .AllowAnyOrigin()     .AllowAnyMethod()     .AllowAnyHeader()     .AllowCredentials()); 

But when I try to use API in another Blazor project I see in logs in my API project on Host this error

The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the policy by listing individual origins if credentials needs to be supported

My code in Blazor

using (HttpClient http = new HttpClient()) {   http.DefaultRequestHeaders.Add("Authorization", "Token");    var response = await http.GetStringAsync("https://example.com?prm=2");    Console.WriteLine(response);    dynamicContent = response; } 

Before I enable Cors I see another error in the browser console

What can I change for solving it?

Answer 1

I had the same issue and I removed AllowCredentials() that fixed the issue for me.

Answer 2

You should have provided the rest of your code... Is this a Blazor client application or Razor Components application (formally known as Server-Side Blazor) ? I guess this is a Blazor client application, right ? Why do you instantiate an HttpClient ? You should use DI (Perhaps Constructor Injection) instead, injecting an HttpClient instance provided by Blazor itself.

The problem is probably server side, though it surfaces as a client one... Try the following:

Get https://www.nuget.org/packages/Microsoft.AspNetCore.Cors/

public void ConfigureServices(IServiceCollection services) {     services.AddCors(options =>     {         options.AddPolicy("CorsPolicy",             builder => builder.AllowAnyOrigin()                 .AllowAnyMethod()                 .AllowAnyHeader());     });      ..... } 

And this:

public void Configure(IApplicationBuilder app, IHostingEnvironment env)     {       app.UseCors("CorsPolicy"); } 

Note, once again: CORS needs to be enabled on the server side, not in blazor. See https://docs.microsoft.com/en-us/aspnet/core/security/cors for details on how to enable CORS in ASP.NET Core.

Blazor:

 @page "/<template>"  @inject HttpClient Http   @functions {      protected override async Task OnInitAsync()     {         var response= await Http.GetJsonAsync<string>                           ("https://example.com?prm=2");      }  }   

Hope this helps...