How to Implement "Access-Control-Allow-Origin" Header in ASP.NET

How to implement Access-Control-Allow-Origin header in ASP.NET

From enable-cors.org:

CORS on ASP.NET

If you don't have access to configure IIS, you can still add the header through ASP.NET by adding the following line to your source pages:

Response.AppendHeader("Access-Control-Allow-Origin", "*");

See also: Configuring IIS6 / IIS7

'Access-Control-Allow-Origin' in ASP.NET Core 6

Do you have the proper entries when you register the middleware?
https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-6.0

You will need to add localhost and the port numbers. I believe the port numbers are currently causing the issue right now. If both sites were on the same port number you might not get this issue.
Also, see the answers for "CORS error on same domain?".

Also, you want to enable CORS not disable it. CORS relaxes the security measures so your code can reach across ports.

IIS 'Access-Control-Allow-Origin' header only on image uploading on ASP.NET 3.1

Using the comments by Lex Li and Brando Zhang, I added a CORS configuration to my web.config of the Web API project.

CORS configuration:

<cors enabled="true">
  <add origin="*">
    <allowHeaders allowAllRequestedHeaders="true" />
  </add>
</cors>

ASP.NET Core CORS WebAPI: persist no Access-Control-Allow-Origin header

You might be misplacing the code.

public void ConfigureServices(IServiceCollection services)
{
    services.AddCors(options =>
    {
        options.AddPolicy("AllowAnyOrigin",
            builder => builder
                .AllowAnyOrigin()
                .AllowAnyMethod()
                .AllowAnyHeader());
    });

    // other code
}

public void Configure(IApplicationBuilder app)
{
    app.UseCors("AllowAnyOrigin");

    // ...
}

Setting Access-Control-Allow-Origin in ASP.Net MVC - simplest possible method

For plain ASP.NET MVC Controllers

Create a new attribute

using System.Web.Mvc;

public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Adds the wildcard header to every response of the tagged action.
        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
        base.OnActionExecuting(filterContext);
    }
}

Tag your action:

[AllowCrossSiteJson]
public ActionResult YourMethod()
{
    return Json("Works better?");
}

For ASP.NET Web API

using System;
using System.Web.Http.Filters;

public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
{
    public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
    {
        if (actionExecutedContext.Response != null)
            actionExecutedContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");

        base.OnActionExecuted(actionExecutedContext);
    }
}

Tag a whole API controller:

[AllowCrossSiteJson]
public class ValuesController : ApiController
{
    // ...
}

Or individual API calls:

[AllowCrossSiteJson]
public IEnumerable<PartViewModel> Get()
{
    // ...
}

For Internet Explorer <= v9

IE <= 9 doesn't support CORS. I've written some JavaScript that will automatically route those requests through a proxy. It's all 100% transparent (you just have to include my proxy and the script).

Download it using nuget corsproxy and follow the included instructions.

Blog post | Source code

.NET 6 Web Api Project No 'Access-Control-Allow-Origin' header is present on the requested resource

Thanks to @TinyWang :

I added

<DockerfileRunArguments>-e "ENABLE_CORS=true" -p 81:80</DockerfileRunArguments>

inside of my .csproj.

Now I'm able to call my web server (192.168.2.157:81) from my client (127.0.0.1).

Access-control-allow-origin with multiple domains

There can only be one Access-Control-Allow-Origin response header, and that header can only have one origin value. Therefore, in order to get this to work, you need to have some code that:

  1. Grabs the Origin request header.
  2. Checks if the origin value is one of the whitelisted values.
  3. If it is valid, sets the Access-Control-Allow-Origin header with that value.

I don't think there's any way to do this solely through the web.config.

// ValidateRequest() is not shown in the original; it has to perform the allow-list check from step 2.
// UrlReferrer is null when the request carries no Referer header, so guard it before use.
if (Request.UrlReferrer != null && ValidateRequest()) {
    Response.Headers.Remove("Access-Control-Allow-Origin");
    Response.AddHeader("Access-Control-Allow-Origin", Request.UrlReferrer.GetLeftPart(UriPartial.Authority));

    Response.Headers.Remove("Access-Control-Allow-Credentials");
    Response.AddHeader("Access-Control-Allow-Credentials", "true");

    Response.Headers.Remove("Access-Control-Allow-Methods");
    Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
}
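
The three steps listed above, as an added example that is not part of the original answers: a framework-independent helper that takes the Origin request header value and returns the response headers to set. The class name, method name and the listed origins are assumptions made up for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example; the class, method and origins are constructed placeholders.
static class CorsAllowList
{
    // Step 2 data: full origins (scheme://host[:port]), compared as whole strings only.
    static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "https://app.example.com",
            "http://localhost:3000",
        };

    // Step 1 happens at the call site: pass in the request's Origin header value.
    public static Dictionary<string, string> HeadersFor(string originHeader)
    {
        // The response differs per Origin, so caches must key on that header.
        var headers = new Dictionary<string, string> { ["Vary"] = "Origin" };

        // Step 2: drop missing values, the literal "null" origin and anything
        // that is not a bare origin (path, query or user info present).
        if (string.IsNullOrEmpty(originHeader)
            || !Uri.TryCreate(originHeader, UriKind.Absolute, out Uri parsed)
            || parsed.AbsolutePath != "/" || parsed.Query.Length > 0
            || parsed.UserInfo.Length > 0)
            return headers;

        string origin = parsed.GetLeftPart(UriPartial.Authority);
        if (!Allowed.Contains(origin))
            return headers;

        // Step 3: echo the one matching origin; "*" cannot be combined with credentials.
        headers["Access-Control-Allow-Origin"] = origin;
        headers["Access-Control-Allow-Credentials"] = "true";
        return headers;
    }

    static void Main()
    {
        foreach (string o in new[] { "https://app.example.com", "http://localhost:3000",
                 "http://localhost:8080", "https://app.example.com.lookalike.example", "null", "" })
        {
            bool ok = HeadersFor(o).ContainsKey("Access-Control-Allow-Origin");
            Console.WriteLine($"{o,-42} -> {(ok ? "allowed" : "no CORS headers")}");
        }
    }
}
```

In classic ASP.NET, call it with Request.Headers["Origin"] and copy each returned pair onto the response with Response.AppendHeader. Only the first two sample origins are allowed; the different port, the look-alike host, "null" and the empty value get no CORS headers.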

No 'Access-Control-Allow-Origin' header is present on the requested resource

To make it work, you could try these things:

1) In the ConfigureServices method, call AddCors to configure the CORS service, initially to allow any origin:

services.AddCors(options =>
{
    options.AddPolicy("AllowAnyCorsPolicy", policy => policy.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
});

2) In the Configure method, add UseCors; this adds the middleware to the web application pipeline:

app.UseRouting();
app.UseCors("AllowAnyCorsPolicy");
app.UseMvc();

Since ASP.NET Core 3.1 .UseCors() needs to be called after .UseRouting(), as mentioned in https://github.com/dotnet/aspnetcore/issues/17830.

When this initial configuration is working, it can be later modified to your requirements.
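
A tightened version of the allow-any policy above, with the origins and port numbers spelled out as the ASP.NET Core 6 answer earlier on this page asks for. This is an added example, not code from the original answers; it assumes a .NET 6 Web API project with implicit usings, and the policy name, origins and ports are placeholders.

```csharp
// Program.cs (added example; policy name, origins and ports are placeholders).
const string CorsPolicyName = "KnownFrontends";

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddCors(options =>
{
    options.AddPolicy(CorsPolicyName, policy => policy
        // An origin is scheme + host + port, matched exactly and written
        // without a trailing slash. http://localhost:3000 and
        // http://localhost:5000 are two different origins.
        .WithOrigins("http://localhost:3000", "https://app.example.com")
        // List only what the front end sends instead of
        // AllowAnyMethod() / AllowAnyHeader().
        .WithMethods("GET", "POST")
        .WithHeaders("Content-Type", "Authorization")
        // Needed only if the browser must send cookies or HTTP authentication.
        .AllowCredentials());
});
builder.Services.AddControllers();

var app = builder.Build();

// Order matters: routing first, then CORS, then authorization and endpoints.
app.UseRouting();
app.UseCors(CorsPolicyName);
app.UseAuthorization();
app.MapControllers();

app.Run();
```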

CORS in .NET Core 2.0 No 'Access-Control-Allow-Origin' header is present on the requested resource.

Try calling: app.UseCors("AllowAll"); before app.UseMvc();.

The documentation states the following:

To enable CORS for your entire application add the CORS middleware to your request pipeline using the UseCors extension method. Note that the CORS middleware must precede any defined endpoints in your app that you want to support cross-origin requests (ex. before any call to UseMvc).


