From what I understand, when enabled CORS accordingly, the response model should include the following header information (provided that I want to allow everything):
Access-Control-Allow-Origin: *
Access-Control-Allow-Method: *
Access-Control-Allow-Header: *
Enabling it in Startup
:
public void ConfigureServices(IServiceCollection services)
{
//...
services.AddCors();
services.ConfigureCors(options =>
{
options.AddPolicy("AllowAll", p => p.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials());
});
//...
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
//...
app.UseCors("AllowAll");
//...
}
The problem is that none of these headers are returned and I get the following error when trying to request from the API:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.
Configure
method? – Kiran Challaapp.UseCors
afterapp.UseMvc
in yourStartup.Configure
method. You need to add the Cors middleware before the MVC middleware. (By the way, in RC1 there is noConfigureCors
method anymore and the options can be passed directly into theAddCors
method) – Daniel J.G.app.UseCors
beforeapp.UseMvc
) did the trick for me. Please add this as answer so I can upvote it :) Thanks! This is annoying since it is not mentioned in the latest docs. – realMarkusSchmidtapp.UseHttpsRedirection(); app.UseRouting(); app.UseAuthorization(); app.UseEndpoints(endpoints => { endpoints.MapControllers(); });
– Kiquenet