C
C#2y ago
RDasher

✅ CORS: Cross-Origin Request Blocked

Hello, I'm trying to figure out how to configure CORS on my .NET Web Api Application. The Api Application is hosted on localhost:5000, while the ReactJS Frontend is hosted on localhost:3000. 
public static void InitializeCORS(this IServiceCollection services)
{
    var MyAllowSpecificOrigins = "_myAllowSpecificOrigins";

    services.AddCors(options =>
                {
                    options.AddPolicy(name: MyAllowSpecificOrigins,
                                        policy =>
                                        {
                                            policy.WithOrigins("http://localhost:3000/*").AllowAnyHeader().AllowAnyMethod();
                                        });
                });
}
public static void InitializeCORS(this IServiceCollection services)
{
    var MyAllowSpecificOrigins = "_myAllowSpecificOrigins";

    services.AddCors(options =>
                {
                    options.AddPolicy(name: MyAllowSpecificOrigins,
                                        policy =>
                                        {
                                            policy.WithOrigins("http://localhost:3000/*").AllowAnyHeader().AllowAnyMethod();
                                        });
                });
}
Also have defined Application to use Cors in Program.cs 
app.UseCors();
app.UseCors();
I've followed this from MSDN: https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-7.0
Enable Cross-Origin Requests (CORS) in ASP.NET Core
Learn how CORS as a standard for allowing or rejecting cross-origin requests in an ASP.NET Core app.
47 Replies
FusedQyou
FusedQyou2y ago
"http://localhost:3000/*" should be "http://localhost:3000" That's the host, or origin
RDasher
RDasher2y ago
Lemem try this Nope, this did not work either Which makes sense, cause I could've sworn I tried this
FusedQyou
FusedQyou2y ago
Well it's one of the things you should do You sure you run on port 3000?
RDasher
RDasher2y ago
Alright, that's one
RDasher
RDasher2y ago
Yes
FusedQyou
FusedQyou2y ago
And have you referenced the actual policy? I don't see it specified anywhere
RDasher
RDasher2y ago
What is the policy? I think that might be the issue Cause I didn't do anything like that
FusedQyou
FusedQyou2y ago
You add a policy, but you can also just set the default policy In your case you made the policy but you did not reference it 1 sec
RDasher
RDasher2y ago
OHHH, I need to use default policy lemme try that real quick
FusedQyou
FusedQyou2y ago
This is what I did with my last API
FusedQyou
FusedQyou2y ago
FusedQyou
FusedQyou2y ago
FusedQyou
FusedQyou2y ago
I didn't specify a policy and just used a default one
FusedQyou
FusedQyou2y ago
In your case, you need to specify the policy to use in UseCors, like the picture shows, or you do what I did.
RDasher
RDasher2y ago
k brb, lemme rewrite some code to try this Okay, so here is what I've done: Static Startup Class (Ignore the function names, that's temporary) 
public static void InitializeCORS(this IServiceCollection services)
{
    services.AddCors();
}

public static void InitializeCORS(this WebApplication app)
{
    app.UseCors(configure => configure.WithOrigins("http://localhost:3000/").AllowAnyHeader().AllowAnyMethod());
}
public static void InitializeCORS(this IServiceCollection services)
{
    services.AddCors();
}

public static void InitializeCORS(this WebApplication app)
{
    app.UseCors(configure => configure.WithOrigins("http://localhost:3000/").AllowAnyHeader().AllowAnyMethod());
}
Program.cs 
...
builder.ConfigureServices();

var app = builder.Build();


app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseRouting();

app.UseAuthentication();

app.UseAuthorization();

app.InitializeRoutes();

app.InitializeCORS();
...
...
builder.ConfigureServices();

var app = builder.Build();


app.UseHttpsRedirection();
app.UseStaticFiles();

app.UseRouting();

app.UseAuthentication();

app.UseAuthorization();

app.InitializeRoutes();

app.InitializeCORS();
...
This doesn't work either I'm gonna try default policy too Nope, neither this, nor the default policy example from MSDN worked
FusedQyou
FusedQyou2y ago
Maybe you need to add AllowCredentials to your CORS configuration? Because it's not a whole lot of code, I assume if you copy paste my example it would work
RDasher
RDasher2y ago
Yeah, I've just tried that, it's building Added AllowCredentials in both your way and the MSDN ways Both did not work
FusedQyou
FusedQyou2y ago
Huh Maybe a weird question, but you call both InitializeCORS methods? And you're sure both invoke, and not one twice for example? What exactly is the error?
RDasher
RDasher2y ago
Let me recheck, but I'm like 95% sure they should both invoke both of them do execute But wait, lemme just recheck something real quick
RDasher
RDasher2y ago
this is the error btw
RDasher
RDasher2y ago
On the frontend
RDasher
RDasher2y ago
Yeah double checked, both of them are being invoked And each only once Any other ideas @FusedQyou?
FusedQyou
FusedQyou2y ago
Can you try this?
I fixed this by going to the Properties for my .Net Core app in Visual Studio. I selected Debug from the menu on the left hand side. There was a checkbox on the page called Enable SSL along with a URL (https://localhost:44358/ in my case). I browsed to this page in Firefox, got a warning page, added a security exception for it and everything worked as expected after that.
Self signed certificate bullcrap can also cause this Maybe try adding localhost on post 5000 as an accepted origin Probably not the problem but I'm getting confused by the error. Not sure which one is the frontend url now
RDasher
RDasher2y ago
3000 is frontend 5000 is backend (dotnet)
FusedQyou
FusedQyou2y ago
Is your frontend using a self signed certificate? Since you only accept an unsecure connection
RDasher
RDasher2y ago
No, both without SSL using only http
FusedQyou
FusedQyou2y ago
Does your .NET pipeline force http to https?
RDasher
RDasher2y ago
Nope
FusedQyou
FusedQyou2y ago
Like I have app.UseHttpsRedirection() here Then I'm really confused
RDasher
RDasher2y ago
Since, I use it with thundercleint, and I get responses fine Also, I'm on VSCode on Linux, setting up SSL will take me a bit, I'll get back to this thread once I've set it up
FusedQyou
FusedQyou2y ago
I don't think that's the problem though But idk what else you could try
RDasher
RDasher2y ago
Also, another note, the site is opening fine in browser
FusedQyou
FusedQyou2y ago
Might be a header you're adding/is missing
RDasher
RDasher2y ago
Update: trying it with * does work
FusedQyou
FusedQyou2y ago
Does AllowAnyOrigin work?
RDasher
RDasher2y ago
Why doesn't http://localhost:5000/? 🤔
RDasher
RDasher2y ago
I did this
RDasher
RDasher2y ago
I don't want to allow all origins, I want to specifically allow only localhost:5000
FusedQyou
FusedQyou2y ago
Well it has to be http://localhost:5000, without the slash With the slash represents a full url, not the host. It's weird, I know Did you do it with the slash the whole time?
RDasher
RDasher2y ago
Yes, I did Let me try that real quick
FusedQyou
FusedQyou2y ago
Then that was the problem lol I told you to do it without the slash at the end in my very first message <:peepo_cry:640304738512142352> That, and the fact that you're not actually referencing the policy - but I assume you fixed that
RDasher
RDasher2y ago
Yup, that was it! hahaha it works now, lmfao
FusedQyou
FusedQyou2y ago
mweh
RDasher
RDasher2y ago
I have this habit of not reading properly pepecry
FusedQyou
FusedQyou2y ago
Same
RDasher
RDasher2y ago
Thank you very much, my dude Appreciate you sticking with my dumb ass for this long haha
FusedQyou
FusedQyou2y ago
No problemooo
Want results from more Discord servers?
Add your server
More Posts
✅ How do I move a Window in WinUI 3 C#?Hey everyone! I have a window that is shaped like a taskbar, so it's {screenWidth} x 50px tall. Curr❔ VIsual Studio 2022 Spell CheckingWhen I just opened visual studio 2022 today, it randomly just started doing spell checking on my cod❔ Segmentation fault when running app on raspberry piI am trying to compile a .net app for a raspberry pi, and making a very simple gpio app, but i'm get❔ has somebody a c# code for the game solitärplease can somebody help me❔ ✅ For Hire[For Hire] [Full Time / Part Time] [Remote Work] 👍First priority is Credit 👍Perfect results withi✅ Moving from HttpWebRequest to HttpClientHello, I'm in need of help refactoring from HttpWebRequest(obsolete) to HttpClient. I've tried to do❔ Is there any way to test the rendering of a component in Blazor based on different screen sizes?I have a component that renders a table. It will render a different amount of rows based on screen ❔ Random Letter```cs using System; using System.IO; class GFG{ public static void Main(string[] args) { Rando❔ Trying to create my first non-tutorial ASP.net project running into small errorTLDR; **take a look at last question** I am using the tutorial model which has a page called "PrivHow to differentiate endpoints based on parameters?I want to have two endpoints `/users` and `/users?id=#`, but swagger doesn't seem to like what I ha