ASP.NET Core AWS Serverless and CORS

Question

I'm using Visual Studio to publish an ASP.NET Core 2.1 app to AWS Lambda (serverless). No matter what I've tried I cannot get CORS to work.

All I really want to do is add the header access-control-allow-origin globally to my web app.

Has anyone ever successfully added headers to an ASP.NET Core 2.1 Serverless app?

Startup.cs

public void ConfigureServices(IServiceCollection services)
{
    // AddCors must be before AddMvc
    services.AddCors();

    services.AddMvc()
        .SetCompatibilityVersion(CompatibilityVersion.Version_2_1)
    );
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    // UseCors must be before UseMvc
    app.UseCors(builder => builder
        .AllowAnyOrigin()
        .AllowAnyMethod()
        .AllowAnyHeader()
        .AllowCredentials()
    );
    // Also tried this
    // app.UseCors(
    //    o => o.WithOrigins("http://example.com").AllowAnyMethod()
    //);

    app.UseMvc();
}

No CORS headers are added to my pages. I'm using Chrome dev tools to inspect my headers. I should see them on the homepage (for example) correct?

Any ideas? I'm dyin over here. Thanks!

EDIT

This application only uses API Gateway, Lambda and a few other services. It's great because I'm only charged when someone hits my app. There are no hourly charges. No EC2 or ELB which is amazing.

Also, I almost added this to my original post. The article @sturcotte06 references has a gotcha.

The API Gateway (automatically generated) uses the ANY method in a proxy integration. The above article says this...

Important

When applying the above instructions to the ANY method in a proxy integration, any applicable CORS headers will not be set. Instead, your backend must return the applicable CORS headers, such as Access-Control-Allow-Origin.

Ugh! So it's saying I must do this on the backend (Startup.cs right?) which is exactly what seems to get ignored when published.

ASP.NET Core AWS Serverless and CORS

Answers (1)

Related Questions