content-type is not allowed by Access-Control-Allow-Headers in preflight response, in spite of all cors requests seemingly allowed

Question

I have 2 dot net core applications. One being used as an API server and the other as an angular web client.

Just to get things working for the sake of getting work done, I had put this in the ConfigureServices method of my API server's startup. I believed this would just allow any requests..

services.AddCors(options =>
            {
                options.AddPolicy(ALL_ORIGINS,
                builder =>
                {
                    builder.WithOrigins("*");
                });
            });

It seemed to be working but all of my requests were GETs. The first time I tried to POST I got the error

Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response

Figuring I had a crappy temporary solution in place on the API server I put the same "*" cors policy in place in the angular web client server and it didn't help.

I'm not sure what I need to do here..

Answer 1

Try this

services.AddCors(options =>
            {
                options.AddPolicy("AllowAllOrigins",
                    builder =>
                    {
                        builder.AllowAnyOrigin();
                        builder.AllowAnyHeader();
                        builder.AllowAnyMethod();
                    });
            });

That should work at least in .NET Core 2.1