ASP.NET 5 / Core / vNext CORS does not work, even when almost everything is allowed

I have an ASP.NET 5 Web API (well, anyway, MVC) that I consume using axios in my JS application.

My CORS configuration in MVC is as follows:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
        services.AddCors();
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        app.UseCors(builder =>
        {
            builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();
        });
    }

In other words, I should be allowing any request. However, although this fixed the pre-flight requests, POST requests are still rejected (I can see that the request runs on the server, but there is no header in the response, which leads to an error on the client side).

Does anyone have any ideas why this won't work?

These are the headers returned by the MVC api:

  • For the preflight OPTIONS request (this one passes): OPTIONS response
  • For the actual POST request (this one fails): POST response
+10
cors asp.net-core
7 answers

The problem was that there was an exception in the processing of the POST request and, as Norgerman noted, the exception handler cleared the CORS headers by default.

+6

You must add CORS before MVC. The order in which middleware is registered is important. If CORS is registered after MVC, it will never be called. Middleware is called in registration order.

Once CORS has processed the request, it will pass it on to the next middleware (MVC).

+11

This works for me:

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        app.UseCors(x => x.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials());
    }

+9

@Norgerman mentioned this in the comments, but I think it is worth an answer, because I have made this mistake myself several times:

CORS Middleware only works with actual cross-domain requests

It is not triggered if you simply make a same-domain request, for example by entering the URL into the browser.

This means that if you are testing, you need to use either an actual cross-domain request from an XHR client on another port or domain, or an HTTP client that can explicitly set the Origin header in the HTTP request.

+8

Assuming you are trying to create a truly PUBLIC endpoint, this worked for me:

Make sure that this:

    app.UseCors(builder =>
    {
        builder.AllowAnyOrigin();
        builder.AllowAnyMethod();
        builder.AllowAnyHeader();
    });

occurs before any of these:

    app.UseHttpsRedirection();
    app.UseDefaultFiles();
    app.UseStaticFiles();
    app.UseCookiePolicy();
    app.UseMvc();

Remember, we are dealing with a "pipeline". The CORS part has to come first.

Also (again, assuming a "public endpoint"), make sure your XHR call has ... xhr.withCredentials = false;

... or just omit it. If it is set to true, you will receive a CORS warning about a wildcard.

+1
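
The two failures described in the answers above (a POST response that comes back with no CORS header, and a wildcard that is refused once withCredentials is true) both come from the same browser-side check, modelled here. This is an added example, not code from any of the answers; the function names, the http://localhost:3000 origin and the sample headers are constructed, and only the response-side check is modelled, not preflight method or header matching.

```javascript
// Added example: the browser's response-side CORS check (Fetch standard).
// Function names and all sample headers are constructed for illustration.

// HTTP header names are case-insensitive, so look them up that way.
function getHeader(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? null : headers[key];
}

// Decide whether script running on requestOrigin may read this response.
function corsCheck(requestOrigin, withCredentials, responseHeaders) {
  const allowOrigin = getHeader(responseHeaders, 'Access-Control-Allow-Origin');
  if (allowOrigin === null) {
    return { allowed: false, reason: 'missing Access-Control-Allow-Origin' };
  }
  if (!withCredentials && allowOrigin === '*') {
    return { allowed: true, reason: 'wildcard without credentials' };
  }
  if (allowOrigin !== requestOrigin) {
    const reason = allowOrigin === '*' ? 'wildcard with credentials' : 'origin mismatch';
    return { allowed: false, reason };
  }
  if (!withCredentials) {
    return { allowed: true, reason: 'origin match' };
  }
  const allowCreds = getHeader(responseHeaders, 'Access-Control-Allow-Credentials');
  return allowCreds === 'true'
    ? { allowed: true, reason: 'origin match with credentials' }
    : { allowed: false, reason: 'credentials not allowed' };
}

const ORIGIN = 'http://localhost:3000'; // assumed origin of the JS application
const SAMPLES = {
  // AllowAnyOrigin() policy answering a request that carried an Origin header
  wildcard: { 'Access-Control-Allow-Origin': '*' },
  // POST that threw on the server: error response carries no CORS headers
  errorPage: { 'Content-Type': 'text/html' },
  // Policy that names the origin and allows credentials
  named: { 'access-control-allow-origin': ORIGIN, 'access-control-allow-credentials': 'true' },
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  for (const creds of [false, true]) {
    const r = corsCheck(ORIGIN, creds, headers);
    console.log(`${name} withCredentials=${creds}: ${r.allowed ? 'allowed' : 'blocked'} (${r.reason})`);
  }
}
```
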

This is what worked for me since I had the same problem with CORS in conjunction with axios.

Assuming you configured the API correctly and decorated the class in the API controller:

 [EnableCors("YourCorsPolicy")] 

(you will need to add the statement "using Microsoft.AspNetCore.Cors;" to your class)

Then you need to use the following in your axios-auth.js file:

 axios.defaults.headers.common['Access-Control-Allow-Origin'] = '*' 

This then worked well for me on https. This is my full axios-auth if you need a guide.

    import axios from 'axios'

    const instance = axios.create({
      baseURL: 'https://localhost:56799/api'
    })

    axios.defaults.headers.common['Access-Control-Allow-Origin'] = '*'
    axios.defaults.headers.get['Accepts'] = 'application/json'
    axios.defaults.headers.post['Content-Type'] = 'application/json; charset=utf-8'

    export default instance

I hope this is helpful.

0

Note that the Windows firewall and the project's .vs\config\applicationhost.config file must be properly configured, in addition to enabling CORS in your project. The checklist below may help:

  • Is the port used by your application / API open in the firewall? If not, open it.

  • Open the project file .vs\config\applicationhost.config and search for <binding protocol="http" bindingInformation="*:NNNNN:localhost" /> (where NNNNN is the IP port number used by your application / API). After that, add the second line, <binding protocol="http" bindingInformation="*:NNNNN:*" /> , so that you allow any IP address to access your application.

Restart IIS Express, and remember that running Visual Studio as an administrator is often important.

After that, continue to configure and test CORS.

-1