aMerkuri
Reputation: 173
aspnetcore 2.2 api CORS policy
I've updated netcoreapp to 2.2 from 2.1 and cannot figure how to make CORS work again. Previously used following configuration:
services.AddCors(o => o.AddPolicy("App", builder =>
builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials()
After upgrading to 2.2 .AllowAnyOrigin() is no longer supported. I've changed configuration to:
services.AddCors(o => o.AddPolicy("App", builder =>
builder
.WithOrigins("http://localhost:8080", "ionic://localhost", "http://localhost") // (development, cordova-ios, cordova-android)
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials()
));
}
Also I am using https://github.com/ionic-team/cordova-plugin-ionic-webview plugin for cordova. Webview origin for android and ios are as following: http://localhost, ionic://localhost
I am receiving following error on Android:
Access to XMLHttpRequest at 'https://my-host-app.azurewebsites.net/api/user/profile' from origin 'http://localhost' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested
Request Headers:
:authority: my-host-app.azurewebsites.net
:method: OPTIONS
:path: /api/user/profile
:scheme: https
accept: */*
accept-encoding: gzip, deflate
accept-language: en-US,ru-RU;q=0.9
access-control-request-headers: api-version,deviceid,isapp
access-control-request-method: GET
origin: http://localhost
referer: http://localhost/
user-agent: Mozilla/5.0 (Linux; Android 8.0.0; ONEPLUS A3003 Build/OPR1.170623.032; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.99 Mobile Safari/537.36
x-requested-with: com.company.my-app
Response Headers:
access-control-allow-credentials: true
access-control-allow-headers: api-version,deviceid,isapp
access-control-allow-methods: GET
access-control-allow-origin: http://localhost
date: Tue, 08 Jan 2019 11:52:54 GMT
request-context: appId=cid-v1:d20ad272-fa9b-4051-a89a-eea17ae49380
server: Kestrel
set-cookie: ARRAffinity=2252b451f5ef07b7d0d5027457bd2b71e73fb479db2cf5924161a51c2ec7b5;Path=/;HttpOnly;Domain=my-host-app.azurewebsites.net
status: 204
strict-transport-security: max-age=2592000
vary: Origin
x-powered-by: ASP.NET
Same on iPhone but with ionic://localhost.
Upvotes: 4
Views: 1684
Answers (1)
aMerkuri
Reputation: 173
I resolved by replacing .WithOrigins() to .SetIsOriginAllowed((host) => true).
Upvotes: 6
Related Questions
- How to enable CORS in ASP.NET Core
- .Net Core 6 web api Cors
- Dot Net Core Web API with Javascript - CORS policy error
- How should I set net core api cors?
- Allow Cors Origin in ASP.NET Core
- .Net Core 3.1, cors policy issue although followed Documentation
- ASP.NET Core API Enabling Cors not working
- CORS in .NET Core 3.0
- C# Net Core: After enabling Cors in API, it still states blocked by CORS policy
- How can I use CORS for ASP.Net Core