Reputation: 2329
Enabling CORS in ASP.NET Core 6
I have an ASP.NET Core 6 Web API that has a react front end.
I would like to use named policies to enable cors so I have in my startup
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("MyPolicy",
builder => builder.WithOrigins("http://localhost:3000/"));
});
services.AddControllersWithViews();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
// Shows UseCors with named policy.
app.UseCors("MyPolicy");
app.UseStaticFiles();
app.UseRouting();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}");
});
}
Now I can call it in the controller like this:
[EnableCors("MyPolicy")]
public class ProductsController : ControllerBase
This worked in .NET Core 3.1 but not in .NET 6.
What is the right way of doing this in an ASP.NET Core 6 Web API?
Changing the program CS to acomodate CORS policy still doesnt work
public static void Main(string[] args)
{
var host = CreateHostBuilder(args).Build();
using var scope = host.Services.CreateScope();
var context = scope.ServiceProvider.GetRequiredService<StoreContext>();
var logger = scope.ServiceProvider.GetRequiredService<ILogger<Program>>();
try
{
context.Database.Migrate();
DbInitializer.Initialize(context);
}
catch (Exception ex)
{
logger.LogError(ex, "Problem migrating data");
}
var builder = WebApplication.CreateBuilder(args);
var MyAllowSpecificOrigins = "AnotherPolicy";
builder.Services.AddCors(options =>
{
options.AddPolicy(name: MyAllowSpecificOrigins,
builder =>
{
builder.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod();
});
});
var connectionString = builder.Configuration.GetConnectionString("DefaultConnection");
builder.Services.AddDbContext<StoreContext>(options =>
{
options.UseSqlite(connectionString);
});
builder.Services.AddControllers();
var app = builder.Build();
app.UseHttpsRedirection();
app.UseRouting();
app.UseCors(MyAllowSpecificOrigins);
app.UseAuthorization();
app.MapControllers();
try
{
app.Run();
}
catch (Exception)
{
throw;
}
//host.Run();
}
This gives me the same error Access to fetch at 'http://localhost:5000/api/Products' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
Upvotes: 5
Views: 7899
Answers (3)
Reputation: 153
This does the trick for me in program.cs
// global cors policy
app.UseCors(x => x
.AllowAnyMethod()
.AllowAnyHeader()
.SetIsOriginAllowed(origin => true) // allow any origin
.AllowCredentials());
Upvotes: 0
Reputation: 321
As noted in the documentation:
The specified URL must not contain a trailing slash (/). If the URL terminates with /, the comparison returns false and no header is returned.
Upvotes: 2
Reputation: 91
in program.cs file:
app.UseCors(
options => options.WithOrigins("*").AllowAnyMethod().AllowAnyHeader()
);
Upvotes: 7
Related Questions
- Why do I get a CORS error in my ASP.NET Core 5 WebAPI code?
- How to enable CORS in ASP.NET Core
- How to enable cors in ASP.NET Core 6.0 Web API project?
- How to enable CORS in Asp.Net Core 3.0 WebAPI
- .Net Core 6 web api Cors
- Failed to enable CORS in asp .net core 6.0 Web Api
- Problem in enabling CORS in asp net core web api v3.0
- Can't enable CORS globally in ASP.NET web API core
- How to enable CORS in ASP.net Core WebAPI with deafult and own policy
- How to enable CORS globally in my ASP.NET core WebApi project