How to implement Access-Control-Allow-Origin header in asp.net
From enable-cors.org:
CORS on ASP.NET
If you don't have access to configure IIS, you can still add the header through ASP.NET by adding the following line to your source pages:
Response.AppendHeader("Access-Control-Allow-Origin", "*");
See also: Configuring IIS6 / IIS7
Access-Control-Allow-Origin' in ASP.NET Core 6
Do you have the proper entries when you register the middleware?
https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-6.0
You will need to add localhost and the port numbers. I believe the port numbers are currently causing the issue right now. If both sites were on the same port number you might not get this issue.
Also, see the answers for CORS error on same domain.
CORS error on same domain?
Also, you want to enable CORS not disable it. CORS relaxes the security measures so your code can reach across ports.
IIS 'Access-Control-Allow-Origin' header only on image uploading on ASP.NET 3.1
Using the comments by Lex Li and Brando Zhang, I added a CORS configuration to my web.config
of the Web API project.
CORS Configuration :
<cors enabled="true">
<add origin="*" >
<allowHeaders allowAllRequestedHeaders="true" />
</add>
</cors>
ASP.NET Core CORS WebAPI: persist no Access-Control-Allow-Origin header
You might be misplacing the code.
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("AllowAnyOrigin",
builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader());
});
// other code
}
public void Configure(IApplicationBuilder app)
{
app.UseCors("AllowAnyOrigin");
// ...
}
Setting Access-Control-Allow-Origin in ASP.Net MVC - simplest possible method
For plain ASP.NET MVC Controllers
Create a new attribute
public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
base.OnActionExecuting(filterContext);
}
}
Tag your action:
[AllowCrossSiteJson]
public ActionResult YourMethod()
{
return Json("Works better?");
}
For ASP.NET Web API
using System;
using System.Web.Http.Filters;
public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
{
public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
{
if (actionExecutedContext.Response != null)
actionExecutedContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");
base.OnActionExecuted(actionExecutedContext);
}
}
Tag a whole API controller:
[AllowCrossSiteJson]
public class ValuesController : ApiController
{
Or individual API calls:
[AllowCrossSiteJson]
public IEnumerable<PartViewModel> Get()
{
...
}
For Internet Explorer <= v9
IE <= 9 doesn't support CORS. I've written a javascript that will automatically route those requests through a proxy. It's all 100% transparent (you just have to include my proxy and the script).
Download it using nuget corsproxy
and follow the included instructions.
Blog post | Source code
.NET 6 Web Api Project No 'Access-Control-Allow-Origin' header is present on the requested resource
Thanks to @TinyWang :
I added
<DockerfileRunArguments>-e "ENABLE_CORS=true" -p 81:80</DockerfileRunArguments>
inside of my .csproj.
Now i'm able to call my web server (192.168.2.157:81) form my client (127.0.0.1)
Access-control-allow-origin with multiple domains
There can only be one Access-Control-Allow-Origin
response header, and that header can only have one origin value. Therefore, in order to get this to work, you need to have some code that:
- Grabs the
Origin
request header. - Checks if the origin value is one of the whitelisted values.
- If it is valid, sets the
Access-Control-Allow-Origin
header with that value.
I don't think there's any way to do this solely through the web.config.
if (ValidateRequest()) {
Response.Headers.Remove("Access-Control-Allow-Origin");
Response.AddHeader("Access-Control-Allow-Origin", Request.UrlReferrer.GetLeftPart(UriPartial.Authority));
Response.Headers.Remove("Access-Control-Allow-Credentials");
Response.AddHeader("Access-Control-Allow-Credentials", "true");
Response.Headers.Remove("Access-Control-Allow-Methods");
Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
}
Access-Control-Allow-Origin' header is present on the requested resource
To make it work, you could try these things:
1) in ConfigureServices
method, call AddCors
to configure the CORS service, initially, to allow any origin:
services.AddCors(options =>
{
options.AddPolicy("AllowAnyCorsPolicy", policy => policy.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
});
2) in Configure
method add UseCors
, this adds middleware to web application pipeline:
app.UseRouting();
app.UseCors("AllowAnyCorsPolicy");
app.UseMvc();
Since ASP.NET Core 3.1 .UseCors()
needs to be called after .UseRouting()
, as mentioned in https://github.com/dotnet/aspnetcore/issues/17830.
When this initial configuration is working, it can be later modified to your requirements.
CORS in .NET Core 2.0 No 'Access-Control-Allow-Origin' header is present on the requested resource.
Try calling: app.UseCors("AllowAll");
before app.UseMvc();
.
The documentation states the following:
To enable CORS for your entire application add the CORS middleware to your request pipeline using the UseCors extension method. Note that the CORS middleware must precede any defined endpoints in your app that you want to support cross-origin requests (ex. before any call to UseMvc).
Related Topics
Performance of Linq Any VS Firstordefault != Null
Serilog Mssql Sink Doesn't Write Logs to Database
Launching Process in C# Without Distracting Console Window
How to Convert an Array of Floats to a Byte[] and Back
How to Programmatically Select an Item in a Wpf Treeview
Anyone Know of a Set of C# Bindings for Ffmpeg
Binary to Corresponding Ascii String Conversion
How to Add Openidconnect via Identityserver4 to ASP.NET Core Serverside Blazor Web App
How to Have a Delegate as Attribute Parameter
Keep Casing When Serializing Dictionaries
How to Check If Ioexception Is Not-Enough-Disk-Space-Exception Type
Is There an Exponent Operator in C#
Read from a File Starting at the End, Similar to Tail
How to Programmatically List All Projects in a Solution
Datagridview Changing Cell Background Color