Best IT Recipes

How to enable CORS in ASP.NET core

I am trying to allow cross-origin sharing in my ASP.NET Core Web API, but I'm stuck.

The EnableCors attribute takes a policyName type string as a parameter:

 // Summary: // Creates a new instance of the Microsoft.AspNetCore.Cors.Core.EnableCorsAttribute. // // Parameters: // policyName: // The name of the policy to be applied. public EnableCorsAttribute(string policyName);

What does policyName mean and how can I configure CORS in the ASP.NET core web API?

+146
c # asp.net-core
Aug 11 '15 at 12:37
source share
7 answers

You must configure the CORS policy when starting the application in the ConfigureServices method:

 public void ConfigureServices(IServiceCollection services) { services.AddCors(o => o.AddPolicy("MyPolicy", builder => { builder.AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader(); })); // ... }

CorsPolicyBuilder in builder allows you to customize the policy to suit your needs. Now you can use this name to apply the policy to controllers and actions:

 [EnableCors("MyPolicy")]

Or apply it to every request:

 public void Configure(IApplicationBuilder app) { app.UseCors("MyPolicy"); // ... }
+249
Aug 11 '15 at 12:42 on
source share

Applies to .NET Core 1 and .Net Core 2 (hereinafter)

When Using .Net-Core 1.1

Unfortunately, the documents in this particular case are very confusing. So I will make it very simple:

  • Add Microsoft.AspNetCore.Cors nuget package to your project
  • In the ConfigureServices method add services.AddCors();

  • In the Configure method, before calling app.UseMvc() and app.UseStaticFiles() add:

     app.UseCors(builder => builder .AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader() .AllowCredentials());

It. Each client has access to your main ASP.NET website / API.



When using .Net-Core 2.0

  • Add Microsoft.AspNetCore.Cors nuget package to your project

  • in the ConfigureServices method, before calling services.AddMvc() add:

      services.AddCors(options => { options.AddPolicy("AllowAll", builder => { builder .AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader() .AllowCredentials(); }); });

  • (Important) In the Configure method, before calling app.UseMvc() , add app.UseCors("AllowAll");

    AllowAll is the name of the policy that we should mention in app.UserCors. It can be any name.

+91
Apr 09 '17 at 5:00
source share

Based on Henk's answer, I was able to find the specific domain, the method I want to allow, and also the header I want to enable CORS for:

 public void ConfigureServices(IServiceCollection services) { services.AddCors(options => options.AddPolicy("AllowSpecific", p => p.WithOrigins("http://localhost:1233") .WithMethods("GET") .WithHeaders("name"))); services.AddMvc(); }

using:

 [EnableCors("AllowSpecific")]
+36
Aug 11 '15 at 12:57
source share

In particular, in dotnet core 2.2 with SignalR you have to change

.WithOrigins("http://localhost:3000") or

.SetIsOriginAllowed(isOriginAllowed: _ => true)//for all origins

instead .AllowAnyOrigin() with .AllowCredentials()

https://trailheadtechnology.com/breaking-change-in-aspnetcore-2-2-for-signalr-and-cors/

https://github.com/aspnet/AspNetCore/issues/4483

+6
Apr 12 '19 at 20:34
source share

You must configure in class Startup.cs

 services.AddCors(options => { options.AddPolicy("CorsPolicy", builder => builder.AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader() .AllowCredentials()); });
+4
Oct 12 '18 at 8:05
source share

`

  public void ConfigureServices(IServiceCollection services) { services.AddCors(options => { options.AddPolicy("AllowAnyOrigin", builder => builder .AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader()); }); services.Configure<MvcOptions>(options => { options.Filters.Add(new CorsAuthorizationFilterFactory("AllowAnyOrigin")); }); }

`

+3
Nov 25 '17 at 19:26
source share

If you host on IIS, one of the possible reasons is that you get this because IIS blocks the verb OPTIONS . Because of this, I spent almost an hour:

One tell-tale - you get a 404 error during an OPTIONS request.

To fix this, you need to explicitly tell IIS not to block the OPTIONS request.

Go to query filtering:

IIS Request Filtering

Make sure the options are enabled:

Make sure OPTIONS is True

Or just create web.config with the following setting:

 <system.webServer> <security> <requestFiltering> <verbs> <remove verb="OPTIONS" /> <add verb="OPTIONS" allowed="true" /> </verbs> </requestFiltering> </security> </system.webServer>
+3
Nov 13 '18 at 11:47
source share


More articles:


All Articles