Reputation: 1586
Issue in CORS in ASP .NET Core - The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*
I'm getting the below error
Access to XMLHttpRequest at 'http://localhost:5000/api/values/track/?name=name&time=1589425390870' from origin 'http://localhost:23456' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
I have configured Asp.net core app like below
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(o => o.AddPolicy("MyPolicy", builder =>
{
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader().AllowCredentials() ;
}));
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors("MyPolicy");
app.UseMvc();
}
Content type: application/x-www-form-urlencoded
Can some one please help me in resolving this issue?
Upvotes: 3
Views: 5067
Answers (1)
Reputation: 27793
The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
As error indicates that you configure your app with both AllowAnyOrigin and AllowCredentials methods, which cause that the CORS service returns an invalid CORS response.
You can modify the code to enable specific origins, like below.
builder.WithOrigins("set_specified_origins_here")
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials();
For detailed information about "Set the allowed origins", please check following doc: https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-2.0#set-the-allowed-origins-1
Upvotes: 6
Related Questions
- The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'
- CORS Missing Allow Origin error .NET Core API when trying to fetch data
- Issue: No 'Access-Control-Allow-Origin' header is present on the requested resource
- CORS asp.net core webapi - missing Access-Control-Allow-Origin header
- Allow Cors Origin in ASP.NET Core
- ASP.NET Core CORS WebAPI: no Access-Control-Allow-Origin header
- CORS in .NET Core 2.0 "No 'Access-Control-Allow-Origin' header is present on the requested resource."
- been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed
- How to fix No 'Access-Control-Allow-Origin' error in dotnet core web api
- ASP.Net Core WebAPI - No 'Access-Control-Allow-Origin' header is present on the requested resource