Home > OS >  I am getting a cors error even though I have defined a .net 6.0 cors policy
I am getting a cors error even though I have defined a .net 6.0 cors policy

Time:08-26

I don't get a cors error when I run it locally. but when i publish on hosting i get cors error.

error:

Access to XMLHttpRequest at 'https://mp3-api.batuhanfindik.com/api/User/Login' from origin 'https://www.batuhanfindik.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

code:

builder.Services.AddCors(options => options.AddDefaultPolicy(policy => {
    policy.WithOrigins(new[] { 
                                "https://www.batuhanfindik.com", 
                                "https://batuhanfindik.com",
                                "http://www.batuhanfindik.com",
                                "http://batuhanfindik.com",
                                "https://www.mp3-api.batuhanfindik.com", 
                                "https://mp3-api.batuhanfindik.com", 
                                "http://www.mp3-api.batuhanfindik.com", 
                                "http://mp3-api.batuhanfindik.com", 
                                "https://localhost:3000", 
                                "https://172.34.1.78:3000", 
                                "https://localhost:3001" 
                              })
            .AllowAnyHeader()
            .AllowAnyMethod()
                .AllowCredentials();                   
}));

app.UseCors(options =>
    options.WithOrigins(new[] {
                                "https://www.batuhanfindik.com",
                                "https://batuhanfindik.com",
                                "http://www.batuhanfindik.com",
                                "http://batuhanfindik.com",
                                "https://www.mp3-api.batuhanfindik.com",
                                "https://mp3-api.batuhanfindik.com",
                                "http://www.mp3-api.batuhanfindik.com",
                                "http://mp3-api.batuhanfindik.com",
                                "https://localhost:3000",
                                "https://172.34.1.78:3000",
                                "https://localhost:3001"
                              })
            .AllowAnyHeader()
            .AllowAnyMethod()
                .AllowCredentials()
                );

only in api sub domain. The site the user entered is in the main domain. interface master domain. api subdomain.

Now I fixed it somehow. but this time i don't get cors error from my computer. When I enter from other devices, it gives a cors error.

CodePudding user response:

Please try this once.

private static readonly string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
    
    builder.Services.AddCors(options =>
    {
        options.AddPolicy(MyAllowSpecificOrigins,
        build =>
        {
            build.WithOrigins('url-here').AllowAnyHeader().AllowAnyMethod();
        });
    });

CodePudding user response:

I solved on my project using the following code.

On the startup.cs file in the public void Configure(IApplicationBuilder app, IWebHostEnvironment env)

Add the following line after app.UseRouting

app.UseCors(
    options => options.SetIsOriginAllowed(x => _ = true).AllowAnyMethod().WithHeaders(new[] { $"{headersStandard}, {headersLowered}" }).AllowCredentials()
);

I set custom headers so I need to set cors accordingly thus the (with headers)

Then in the public void ConfigureServices(IServiceCollection services) method add the following line after services.AddControllers();

services.AddCors();    
  • Related