CORS in .NET Core

by

Assume you have the answer, but for the benefit of searchers, I had the same problem with the standard tutorial on .NET Core Cors.

One of the many errors encountered:

XMLHttpRequest cannot load localhost:64633/api/blogs. Response
to preflight request doesn’t pass access control check: No
‘Access-Control-Allow-Origin’ header is present on the requested
resource. Origin ‘localhost:56573’ is therefore not allowed
access. The response had HTTP status code 500.

After playing around, the following code worked. Full class posted below to aid understanding of what goes where.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.EntityFrameworkCore;
using Microsoft.AspNetCore.Cors.Infrastructure;

namespace NetCoreWebApiTesting
{
    public class Startup
    {
        public Startup(IHostingEnvironment env)
        {
            var builder = new ConfigurationBuilder()
                .SetBasePath(env.ContentRootPath)
                .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
                .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true);

            if (env.IsEnvironment("Development"))
            {
                // This will push telemetry data through Application Insights pipeline faster, allowing you to view results immediately.
                builder.AddApplicationInsightsSettings(developerMode: true);
            }

            builder.AddEnvironmentVariables();
            Configuration = builder.Build();
        }

        public IConfigurationRoot Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container
        public void ConfigureServices(IServiceCollection services)
        {
            // Add framework services.
            services.AddApplicationInsightsTelemetry(Configuration);

            services.AddMvc().AddJsonOptions(options => options.SerializerSettings.ReferenceLoopHandling =
                                                            Newtonsoft.Json.ReferenceLoopHandling.Ignore);

            // ********************
            // Setup CORS
            // ********************
            var corsBuilder = new CorsPolicyBuilder();
            corsBuilder.AllowAnyHeader();
            corsBuilder.AllowAnyMethod();
            corsBuilder.AllowAnyOrigin(); // For anyone access.
            //corsBuilder.WithOrigins("http://localhost:56573"); // for a specific url. Don't add a forward slash on the end!
            corsBuilder.AllowCredentials();

            services.AddCors(options =>
            {
                options.AddPolicy("SiteCorsPolicy", corsBuilder.Build());
            });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            loggerFactory.AddConsole(Configuration.GetSection("Logging"));
            loggerFactory.AddDebug();

            app.UseApplicationInsightsRequestTelemetry();

            app.UseApplicationInsightsExceptionTelemetry();

            app.UseMvc();

            // ********************
            // USE CORS - might not be required.
            // ********************
            app.UseCors("SiteCorsPolicy");
        }
    }
}

To use it you can add the EnableCorsAttribute either on the controller or on the method. e.g. 

[EnableCors("SiteCorsPolicy")]
[Route("api/[controller]")]
public class BlogsController : Controller
{

}

or 

// POST api/value
[EnableCors("SiteCorsPolicy")]
[HttpPost]
public HttpResponseMessage Post([FromBody]Blog value)
{
    // Do something with the blog here....

    var msg = new HttpResponseMessage(System.Net.HttpStatusCode.OK);
    return msg;

}

When I called this using the following code (using standard js/jQuery for easy of copy and paste), the communication stopped being rejected.

function HandleClick() {

    var entityData = {
        "blogId": 2,
        "url": "http://blog.com/blog1",
        "posts": [
        {
            "postId": 3,
            "title": "Post 1-1",
            "content": "This is post 1 for blog 1",
            "blogId": 2
        },
        {
            "postId": 4,
            "title": "Post 1-2",
            "content": "This is post 2 for blog 1",
            "blogId": 2
        }
        ]
    };

    $.ajax({
        type: "POST",
        url: "http://localhost:64633/api/blogs",
        async: true,
        cache: false,
        crossDomain: true,
        data: JSON.stringify(entityData),
        contentType: "application/json; charset=utf-8",
        dataType: "json",
        success: function (responseData, textStatus, jqXHR) {
            var value = responseData;
        },
        error: function (responseData, textStatus, errorThrown) {
            alert('POST failed.');
        }
    });
}

More Related Contents:

  1. How can my programme check if the user input is correct or not? [closed]
  2. What are the correct version numbers for C#?
  3. AddTransient, AddScoped and AddSingleton Services Differences
  4. How do I get .NET Core projects to copy NuGet references to the build output?
  5. Using app.config in .Net Core
  6. How should I inject a DbContext instance into an IHostedService?
  7. Enable CORS in Web API 2
  8. EF Linq Error after change from dotnet Core 2.2.6 to 3.0.0
  9. auto create database in Entity Framework Core
  10. Enable OPTIONS header for CORS on .NET Core Web API
  11. Hangfire – Multi tenant, ASP.NET Core – Resolving the correct tenant
  12. JWT on .NET Core 2.0
  13. UploadFile with POST values by WebClient
  14. .NET Core and System.Drawing
  15. CORS Support within WCF REST Services
  16. WCF error : 405 Method Not Allowed
  17. How to consume a Scoped service from a Singleton?
  18. Could not load file or assembly Microsoft.Extensions.DependencyInjection.Abstractions, Version=1.1.0.0
  19. Upload files and JSON in ASP.NET Core Web API
  20. How to read values from the querystring with ASP.NET Core?
  21. Entity framework EF.Functions.Like vs string.Contains
  22. Change the JSON serialization settings of a single ASP.NET Core controller
  23. Using IConfiguration in C# Class Library
  24. Replace service registration in ASP.NET Core built-in DI container?
  25. How do I resolve the issue the request matched multiple endpoints in .Net Core Web Api
  26. Cannot find command ‘dotnet ef’
  27. ASP.NET Core modify/substitute request body
  28. Getting nested properties with System.Text.Json
  29. Net Core: Execute All Dependency Injection in Xunit Test for AppService, Repository, etc
  30. ASP.NET Core configuration for .NET Core console application

Leave a Comment