Reputation: 29973
Can't enable CORS for specific API controllers in ASP.NET Core WebApp targeting netcoreapp3.0
I'm trying to enable CORS for a specific API controller in an ASP.NET Core application. First, I install the NuGet package, and this is added to my .csproj:
<PackageReference Include="Microsoft.AspNetCore.Cors" Version="2.2.0" />
Then, I add the following in my ConfigureServices:
services.AddCors(options => {
options.AddPolicy("AllowAll", builder => builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
});
After that, if I add this in my Configure, it works:
app.UseCors("AllowAll");
However, this enables CORS for all controllers. I just want to enable it for SessionApiController. If I instead add the EnableCorsAttribute to the controller:
[Route("api/session")]
[EnableCors("AllowAll")]
[ApiController]
public class SessionApiController : Controller {
[...]
[Route("init")]
public JsonResult InitSession() {
[...]
}
}
... it doesn't work, and Chrome gives me a CORS error when I try to access the /api/session/init endpoint ("No 'Access-Control-Allow-Origin' header is present on the requested resource."). What am I missing here?
Upvotes: 2
Views: 4702
Answers (1)
Reputation: 28434
Considering the following an ASP.NET Core WebApp:
App.csproj:
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>netcoreapp3.0</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Cors" Version="2.2.0" />
</ItemGroup>
</Project>
Extract from Startup.cs:
public void ConfigureServices(IServiceCollection services) {
services.AddCors(options => {
options.AddPolicy("AllowAll", builder => builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
});
services.AddControllers();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
app.UseCors(); // Doesn't work
//app.UseCors("AllowAll"); // Works
if (env.IsDevelopment()) {
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints => {
endpoints.MapControllers();
});
}
Extract from a controller in which you want to apply the AllowAll policy:
[EnableCors("AllowAll")]
[ApiController]
[Route("[controller]")]
public class WeatherForecastController : ControllerBase
In order to correctly apply CORS in it, you need to apply the following changes into the code as described in the migration MS docs:
- Remove deprecated
Microsoft.AspNetCore.*packages, in your caseMicrosoft.AspNetCore.Cors. This results in your.csprojlooking like:
<Project Sdk="Microsoft.NET.Sdk.Web"> <PropertyGroup> <TargetFramework>netcoreapp3.0</TargetFramework> </PropertyGroup> </Project>
Carefully follow the middleware migration advice in the msdocs as the order is important!. This results in
Startup#Configurelooking as follows:public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { app.UseRouting(); // AFAIK in netcoreapp2.2 this was not required // to use CORS with attributes. // This is now required, as otherwise a runtime exception is thrown // UseCors applies a global CORS policy, when no policy name is given // the default CORS policy is applied app.UseCors(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseHttpsRedirection(); app.UseAuthorization(); app.UseEndpoints(endpoints => { endpoints.MapControllers(); }); }
Upvotes: 6
Related Questions
- Failed to enable CORS in asp .net core 6.0 Web Api
- Problem in enabling CORS in asp net core web api v3.0
- Can't enable CORS globally in ASP.NET web API core
- .Net Core 3.1, cors policy issue although followed Documentation
- ASP.NET Core API Enabling Cors not working
- .NET Core 2.2 CORS Not Allowing Requests
- How to remove CORS restriction for one Controller Action in .net core 3.1
- CORS in .NET Core 3.0
- Can't get CORS working for ASP.NET Core Web API
- C# Net Core: After enabling Cors in API, it still states blocked by CORS policy