options.AddPolicy("AllowAll",
builder => builder.WithOrigins("*")
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials())
This code is showing a CORS error:
The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the CORS policy by listing individual origins if credentials needs to be supported.
How can I solve this? How can I add a wildcard origin with AllowCredentials
?
CodePudding user response:
You couldn't do that
as mentioned in the document:
The CORS specification also states that setting origins to "*" (all origins) is invalid if the Access-Control-Allow-Credentials header is present.
and this part in the document:
When responding to a credentialed request:
The server must not specify the "*" wildcard for the Access-Control-Allow-Origin response-header value, but must instead specify an explicit origin;
for example: Access-Control-Allow-Origin: https://example.com
The server must not specify the "" wildcard for the Access-Control-Allow-Headers response-header value, but must instead specify an explicit list of header names; for example,Access-Control-Allow-Headers: X-PINGOTHER, Content-Type The server must not specify the "" wildcard for the Access-Control-Allow-Methods response-header value, but must instead specify an explicit list of method names;
for example, Access-Control-Allow-Methods: POST, GET
The server must not specify the "*" wildcard for the Access-Control-Expose-Headers response-header value, but must instead specify an explicit list of header names;
for example, Access-Control-Expose-Headers: Content-Encoding, Kuma-Revision
If you set with WithOrigins("*")
it would add Access-Control-Allow-Origin:*
to the response header