Reputation: 1994
How do you enable cross-origin requests (CORS) in ASP.NET Core MVC
I'd like to enable CORS on an API built with ASP.NET Core MVC, but all the current documents refer to earlier versions of that framework.
Upvotes: 33
Views: 23614
Answers (6)
Reputation: 1775
Install : Microsoft.AspNetCore.Cors
In Configure method:
app.UseCors(builder =>
builder.WithOrigins("http://some.origin.com"));
Upvotes: 1
Reputation: 1074
The notes on the new Cors features are very light, but I was able to get it working in my solution by looking at the new classes and methods. My Web API startup.cs looks like this. You can see how you can construct your origins and policies her by using the new CorsPolicy class. And enabling CORS with the AddCors and UseCors methods.
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
//Add Cors support to the service
services.AddCors();
var policy = new Microsoft.AspNet.Cors.Core.CorsPolicy();
policy.Headers.Add("*");
policy.Methods.Add("*");
policy.Origins.Add("*");
policy.SupportsCredentials = true;
services.ConfigureCors(x=>x.AddPolicy("mypolicy", policy));
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
// Configure the HTTP request pipeline.
app.UseStaticFiles();
//Use the new policy globally
app.UseCors("mypolicy");
// Add MVC to the request pipeline.
app.UseMvc();
}
You can also reference the policy in the controllers with the new attributes like so
[EnableCors("mypolicy")]
[Route("api/[controller]")]
Upvotes: 29
Reputation: 22242
In the most recent RC2 of ASP.NET Core.
The NuGet packages are
"Microsoft.AspNetCore.Owin": "1.0.0-rc2-final",
"Microsoft.AspNetCore.Cors": "1.0.0-rc2-final",
In Startup.cs
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddCors();
services.AddMvc();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseCors(builder => builder
.AllowAnyOrigin());
app.UseMvc();
}
Upvotes: 8
Reputation: 46651
I got it working using the following code:
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.AddCors(options => options.AddPolicy("AllowAll", p => p.AllowAnyOrigin()));
}
You can chain AllowAnyHeader() and/or AllowAnyMethod() to the configure action if needed.
To configure it for the complete app:
public void Configure(IApplicationBuilder app)
{
app.UseCors("AllowAll");
}
Or just for a controller:
[EnableCors("AllowAll")]
public class HomeController : Controller
{
// ...
}
--
Update: configuring CORS for all requests can be done a bit easier:
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.AddCors();
}
public void Configure(IApplicationBuilder app)
{
app.UseCors(builder =>
{
builder.WithOrigins("http://some.origin.com")
.WithMethods("GET", "POST")
.AllowAnyHeader();
});
}
For more information, refer to the docs.
Upvotes: 19
Reputation: 1197
cs1929 the method services.ConfigureCors(...) does no more exist. It is combined to AddCors:
services.AddCors(options =>
options.AddPolicy("AllowAllOrigins", builder => builder.AllowAnyOrigin()));
Upvotes: 3
Reputation: 57999
Support for CORS is currently in development. Following issue is tracking that: https://github.com/aspnet/Mvc/issues/498
Update (3/28/2015):
This feature has been checked in and should be available in the next release.
Upvotes: 3
Related Questions
- How to enable CORS in ASP.net Core WebAPI
- How to enable CORS in ASP.NET Core
- How to enable CORS in Asp.Net Core 3.0 WebAPI
- Allow Cors Origin in ASP.NET Core
- CORS in .NET Core 2.0 "No 'Access-Control-Allow-Origin' header is present on the requested resource."
- How can I use CORS for ASP.Net Core
- Asp.NET MVC Core CORS
- Can't enable Cross-Origin Requests (CORS) in ASP.NET Core 1.0
- Enable cross-origin resource sharing (CORS) in ASP.Net 5 / Core
- Enable cross-origin requests (CORS) in ASP.NET 5 & MVC 6