CODEWITHSUNDEEP
.net.net-core
Eslam Said Khashb
Eslam Said Khashb

Reputation: 65

CORS policy Bug

Access to XMLHttpRequest at from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute. My Code in backend

        public static readonly string AllowOriginPolicy = "allowOriginPolicy";
        services.AddCors(options =>
        {
            options.AddPolicy(AllowOriginPolicy, builder =>
            {
                builder
                    .AllowAnyOrigin()
                    .AllowAnyHeader()
                    .AllowAnyMethod()
                    .DisallowCredentials()
                    .Build();
            }
            );
        });
        app.UseCors(AllowOriginPolicy);

and still appear cors policy problem

Upvotes: 0

Views: 130

Answers (2)

cklimowski
cklimowski

Reputation: 601

This seems to be a client side error, the request coming IN to the server side code has the withCredentials attribute, not the other way around.

In this case I would recommend examining the request, specifically if you have control over the withCredentials attribute of the request, and possibly changing the withCredentials attribute to "don't include"

OR

you can change your Access-Control-Allow-Origin from "all" to the origin of the HTTP request coming in to the backend of the server. This way your backend server code won't respond with the "*" wildcard that is throwing the error due to the request having the withCredentials attribute.

An example of the above would be this: 

app.UseCors(builder => builder.WithOrigins("http://localhost:4200")

Where the localhost:4200 is the "origin".

Upvotes: 1

denizkanmaz
denizkanmaz

Reputation: 716

I am droping a very basic CORS configuration here as there is no detailed information provided.

Hope it helps.

        public void Configure(IApplicationBuilder app,
            IWebHostEnvironment env,
            IApplicationLifetime applicationLifetime,
            ILoggerFactory loggerFactory)
        {
            // ---

            app.UseCors(builder => builder.WithOrigins("http://localhost:4200")
            .AllowAnyHeader()
            .AllowAnyMethod()
            .AllowCredentials());

            // ---

        }

For further information about configuring cors in aspnetcore: https://learn.microsoft.com/tr-tr/aspnet/core/security/cors

Upvotes: 1

Related Questions