locked
aspnetcore3.1 CORS issues RRS feed

  • Question

  • User1637788151 posted

    Hello I am trying to deploy a .Net Core web API and Angular UI to a hosted IIS Server using FTP. The API is on a subdomain (api.subdomain.com) and the Angular UI is on a different subdomain (ui.subdomain.com). The application was working correctly on localhost in development. The issue started as soon as I deployed to the server. I cannot install the IIS CORS module because of where it is being hosted.

    Both applications are working on their own but will not communicate with each other when trying to call the deployed API from the UI.

    In the API I am letting it be wide open without restrictions just to try and get the 2 to communicate with each other. Below is the Cors policy in the Startup.cs. U have already tried to .WithOrigins(ui.subdomain.com) and I am getting the same error.

    In the Configure function I have 

                services.AddCors(options =>
                {
                    options.AddPolicy("CorsPolicy",
                        builder => builder
                        .AllowAnyOrigin()
                        .AllowAnyMethod()
                        .AllowAnyHeader());                    
                });
        
                services.AddControllers();
            }
    
            // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
            public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
            {
                app.UseRouting();
                app.UseCors("CorsPolicy");
                app.UseAuthorization();
                app.UseEndpoints(endpoints =>
                {
                    endpoints.MapControllers();
                });
            }

    The error in the browser is:

    Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

    From the research I have been doing the past few days this is an API issue I have tried to put a Access-Control-Allow-Origin: * on the POST method in the UI. But still the same error. Also I was reading that the AspNetCoreCors nuget package does not have to be included because it is already bundled in version 3.1

    If anyone can assist in this issue I am stuck and have no idea what to try now... any input, advice or solutions will be greatly appreciated! If any more information needs to be provided let me know. Thank you in advance!

    Tuesday, January 19, 2021 4:45 PM

All replies

  • User475983607 posted

    Check is the HTTP response is an error message.  Open the browser's dev tools -> Network -> click on the request that caused the error and read the response.  

    Tuesday, January 19, 2021 7:02 PM
  • User1637788151 posted

    There are 2 failed one is Status (failed) net::ERR_FAILED Type xhr and then the second is Status 404 Type text/html. Both Failed to load response data. But the 404 is from the OPTIONS method assuming that is from the preflight request

    UPDATE:

    It is fixed. I added 

    <security>
            <requestFiltering>
                <verbs>
                    <remove verb="OPTIONS" />
                    <add verb="OPTIONS" allowed="true" />
                </verbs>
            </requestFiltering>
        </security>
    

    To the web.config and it started working

    Tuesday, January 19, 2021 7:06 PM