locked
blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. RRS feed

  • Question

  • User-2004102533 posted

    I am getting blocked by CORS policy.  This is my startup.cs

    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.EntityFrameworkCore;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;
    using AutoMapper;
    using myBackEnd.Helpers;
    using System.Text;
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Tokens;
    using myBackEnd.Services;
    
    namespace myBackEnd
    {
        public class Startup
    
        {
            public Startup(IConfiguration configuration)
            {
                Configuration = configuration;
            }
    
            public IConfiguration Configuration { get; }
    
            // This method gets called by the runtime. Use this method to add services to the container.
            public void ConfigureServices(IServiceCollection services)
            {
                services.AddCors(options => options.AddPolicy("Cors", builder =>
                {
                    builder
                    .AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowCredentials()
                    .AllowAnyHeader();
                }));
                services.AddDbContext<Models.StockContext>(opt => opt.UseInMemoryDatabase("item"));
                services.AddHttpClient();
                services.AddAutoMapper();
    
                // configure strongly typed settings objects
                var appSettingsSection = Configuration.GetSection("AppSettings");
                services.Configure<AppSettings>(appSettingsSection);
    
                // configure jwt authentication
                var appSettings = appSettingsSection.Get<AppSettings>();
                var key = Encoding.ASCII.GetBytes(appSettings.Secret);
                services.AddAuthentication(x =>
                {
                    x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                })
                .AddJwtBearer(x =>
                {
                    x.Events = new JwtBearerEvents
                    {
                        OnTokenValidated = context =>
                        {
                            var userService = context.HttpContext.RequestServices.GetRequiredService<IUserService>();
                            var userId = int.Parse(context.Principal.Identity.Name);
                            var user = userService.GetById(userId);
                            if (user == null)
                            {
                                // return unauthorized if user no longer exists
                                context.Fail("Unauthorized");
                            }
                            return Task.CompletedTask;
                        }
                    };
                    x.RequireHttpsMetadata = false;
                    x.SaveToken = true;
                    x.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuerSigningKey = true,
                        IssuerSigningKey = new SymmetricSecurityKey(key),
                        ValidateIssuer = false,
                        ValidateAudience = false
                    };
                });
    
                // configure DI for application services
                services.AddScoped<IUserService, UserService>();
                services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    
    
            }
    
            // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
            public void Configure(IApplicationBuilder app, IHostingEnvironment env)
            {
                if (env.IsDevelopment())
                {
                    app.UseDeveloperExceptionPage();
                }
                else
                {
                    app.UseHsts();
                }
                app.UseCors("Cors");
                app.UseHttpsRedirection();
                app.UseMvc();
            }
        }
    }
    

    Tuesday, December 18, 2018 11:51 PM

Answers

  • User475983607 posted

    Most likely the client request is causing an error and the error response is missing the CORS headers.  Open browser's network trace tool (Dev Tools - F12) and monitor the server response. 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, December 19, 2018 2:55 PM