Reputation: 197
.NET Core CORS issue for POST request
I have a system that consists of 2 parts: .NET Core 2.1 back-end Web API and Angular 5 front-end. For all POST/PUT requests I've got an error:
Access to XMLHttpRequest at 'https://BACK_END_PATH/api/documents' from origin 'https://FRONT_END_PATH' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
and HTTP status code 401 is returned for the preflight request.
In Angular I use Windows Authentication and send requests with credentials:
intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
// add windows credentials
request = request.clone({
withCredentials: true
});
}
I've already turned on CORS for all requests, methods, headers and credentials and checked that CORS is applied before MVC:
readonly string CorsAllowSpecificOrigins = "_corsAllowSpecificOrigins";
public void ConfigureServices (IServiceCollection services)
{
// allow CORS
services.AddCors (options => {
options.AddPolicy (CorsAllowSpecificOrigins,
builder => {
builder.AllowAnyOrigin()
.AllowAnyHeader()
.AllowCredentials()
.AllowAnyMethod ();
});
});
services.AddMvc (options => {
options.Filters.Add (typeof (ModelValidatorFilter));
})
.SetCompatibilityVersion (CompatibilityVersion.Version_2_1);
//comment for brevity
}
public void Configure (IApplicationBuilder app, IHostingEnvironment env)
{
//comment for brevity
app.UseCors (CorsAllowSpecificOrigins);
app.UseHttpsRedirection ();
app.UseMvc (routes => {
routes.MapRoute (
name: "default",
template: "{controller}/{action=Index}/{id?}");
});
}
I thought that issue was 'application/json' Content-Type, but the same type is used in Postman and Postman requests are working fine.
Also, I found a solution where anonymous users are turned on, but unfortunately I can't use this trick in my system.
Update1: I also tried to set origin in this way:
builder.WithOrigins("https://FRONT_END_PATH")
.SetIsOriginAllowedToAllowWildcardSubdomains()
.AllowAnyHeader()
.AllowCredentials()
.AllowAnyMethod();
but the error was the same.
Upvotes: 3
Views: 3439
Answers (1)
Reputation: 27793
From this doc, you can find following information:
A CORS preflight request is used to determine whether the resource being requested is set to be shared across origins by the server. And The OPTIONS requests are always anonymous, server would not correctly respond to the preflight request if anonymous authentification is not enabled.
To fix this issue, if you run the App(s) on local for testing purpose with CORS, you can try to enable anonymous authentification.
Besides, if your App(s) are hosted on IIS, you can try to install IIS CORS module and configure CORS for the app.
Upvotes: 3
Related Questions
- Asp.net Core CORS works with GET but not wit POST
- CORS blocking post request even though CORS is enabled in configuration ASP.NET Core Web API
- ASP.NET Core CORS WebAPI: no Access-Control-Allow-Origin header
- has been blocked by CORS policy --why am I getting this error for post request in asp.net core?
- .NET Core 2 Web API: CORS issues
- WebAPI CORS not allowing Post requests
- Angular POST and .NET Core WEB Api - 401 Unauthorized error / CORS
- 404 error when making a POST call from Angular HttpClient to ASP.NET Core 2.2 Web API (with CORS enabled)
- CORS failing for POST in web api
- Getting CORS error with angular and aspnet core