C
C#β€’3y ago
zi_you

is it possible to enable cors in net framework?

hi all, i understand that we can enable cors in asp net core project by specifying the .AddCors in program/startup cs class but there is no program/startup class in net framework, is there a way we can enable cors in asp net framework?
11 Replies
jcotton42
jcotton42β€’3y ago
asp.net is very different from asp.net core very very different
Brainiac V
Brainiac Vβ€’3y ago
Hi there, the docs got you covered on that: https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api
Enabling Cross-Origin Requests in ASP.NET Web API 2
Shows how to support Cross-Origin Resource Sharing (CORS) in ASP.NET Web API.
zi_you
zi_youOPβ€’3y ago
thank you for the link, i saw that it's for the web api project, and thus they have to modify the Register method in the web api, but my project is only a net MVC project i actually tried to do this (refer the solution from googling, but i dont think this works because the cors exception still appears), do i need to apply the Register method inside the global.asax.cs file? under web.config file 
<system.webServer>
    <httpProtocol>
        <customHeaders>
            <add name="Access-Control-Allow-Headers" value="accept, content-type" />
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Methods" value="POST, GET, OPTIONS" />
        </customHeaders>
    </httpProtocol>
<system.webServer>
    <httpProtocol>
        <customHeaders>
            <add name="Access-Control-Allow-Headers" value="accept, content-type" />
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Methods" value="POST, GET, OPTIONS" />
        </customHeaders>
    </httpProtocol>
under global.asax.cs 
 protected void Application_BeginRequest(object sender, EventArgs e)
        {
            var context = HttpContext.Current;
            var response = context.Response;

            // enable CORS  
            response.AddHeader("Access-Control-Allow-Origin", "*");

            if (context.Request.HttpMethod == "OPTIONS" || context.Request.HttpMethod == "POST")
            {
                response.AddHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
                response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
                response.End();
            }
        }
 protected void Application_BeginRequest(object sender, EventArgs e)
        {
            var context = HttpContext.Current;
            var response = context.Response;

            // enable CORS  
            response.AddHeader("Access-Control-Allow-Origin", "*");

            if (context.Request.HttpMethod == "OPTIONS" || context.Request.HttpMethod == "POST")
            {
                response.AddHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
                response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
                response.End();
            }
        }
Brainiac V
Brainiac Vβ€’3y ago
How do you have CORS problems in a MVC app?
zi_you
zi_youOPβ€’3y ago
actually i try to make a request using javascript to this MVC app (there's a controller that returns json file), and since the prefix url is different for example i deploy the MVC project under http://192.168.1... then i try to use javascript from a different project to make a request to this MVC project that return json file http://localhost/... (in same server) then there's a cors issue
Brainiac V
Brainiac Vβ€’3y ago
yeah makes sense Besides the settings in the app also make sure that IIS is configured correctly if you use it
Brainiac V
Brainiac Vβ€’3y ago
@qian Maybe this resource helps? https://dotnetthoughts.net/enabling-cross-origin-requests-in-asp-net5/
dotnetthoughts
Enabling Cross-Origin Requests in ASP.NET5
Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts, JavaScript, etc.) on a web page to be requested from another domain outside the domain from which the resource originated. β€œCross-domain” AJAX requests are forbidden by default because of their ability to perform advanced requests (POST, PUT, DELETE...
zi_you
zi_youOPβ€’3y ago
thank you so much for the links! i tried to put the Register method from this link inside the global.asax.cs net framework mvc and it actually works
Brainiac V
Brainiac Vβ€’3y ago
Glad to hear that πŸ™‚
zi_you
zi_youOPβ€’3y ago
thank you for your help! πŸ™
Brainiac V
Brainiac Vβ€’3y ago
np! πŸ™‚

Did you find this page helpful?