C
C#ā€¢11mo ago
S-IERRA

ā” Cors Policy Error

When ever my front-end tries to communicate with my back-end I receive this error, any ideas why? https://cdn.discordapp.com/attachments/1136302991666843680/1146527808072454144/image.png
42 Replies
Pobiega
Pobiegaā€¢11mo ago
Yes. Your frontend isnt running at the same host/port as the backend, and you have not disabled CORS
S-IERRA
S-IERRAā€¢11mo ago
Yes, so in that case should I disable it or is there any other solution
Pobiega
Pobiegaā€¢11mo ago
You could configure CORS to allow the frontend specifically, and maybe run that configuration only in development you dont want a CORS policy that allows a "localhost:xxxx" in production šŸ™‚
S-IERRA
S-IERRAā€¢11mo ago
hmm why would that be? port of frontend shouldnt change also if I can allow that in development only what would you suggest for prod
Pobiega
Pobiegaā€¢11mo ago
did you miss the "in production" part? well I dont know how you plan on hosting this in production if the FE runs on a different host than your BE, you'll need to have a CORS policy for that I'm hoping its obvious why you dont want to allow localhost in production...
S-IERRA
S-IERRAā€¢11mo ago
No it isn't obvious, and no I didn't miss the in-production part, thats why i specifically asked what you'd do for a production scenario
Pobiega
Pobiegaā€¢11mo ago
Then I suggest you go read up on what CORS is because if its not obvious, you don't understand CORS
S-IERRA
S-IERRAā€¢11mo ago
You do realise this is a support server right
Pobiega
Pobiegaā€¢11mo ago
Sure. Doesn't mean I have to explain everything.
S-IERRA
S-IERRAā€¢11mo ago
Okay, sounds great, anyway, I asked what to do in a production scenario
Pobiega
Pobiegaā€¢11mo ago
And its not a support server as in "ask questions, get code" its "ask questions, get information" You need to understand what purpose CORS has and what it does and how it works to be able to configure a suitable policy.
S-IERRA
S-IERRAā€¢11mo ago
Your anwser contains nothing
S-IERRA
S-IERRAā€¢11mo ago
S-IERRA
S-IERRAā€¢11mo ago
This is not an anwser This is just "erm go look it up"
MODiX
MODiXā€¢11mo ago
Pobiega
You could configure CORS to allow the frontend specifically, and maybe run that configuration only in development
Quoted by
<@105026391237480448> from #Cors Policy Error (click here)
React with āŒ to remove this embed.
MODiX
MODiXā€¢11mo ago
Pobiega
if the FE runs on a different host than your BE, you'll need to have a CORS policy for that
Quoted by
<@105026391237480448> from #Cors Policy Error (click here)
React with āŒ to remove this embed.
Pobiega
Pobiegaā€¢11mo ago
These are answers. I'm not going to write the code for you. or as I previously mentioned, disable CORS thats also an option, still
S-IERRA
S-IERRAā€¢11mo ago
auth not working? disable auth šŸ‘
Pobiega
Pobiegaā€¢11mo ago
Explain what CORS is to me, right now. and how it works
S-IERRA
S-IERRAā€¢11mo ago
are you feeling okay šŸ’€
Pobiega
Pobiegaā€¢11mo ago
equating it to auth is an apples to oranges of major proportions lol
S-IERRA
S-IERRAā€¢11mo ago
"Explain what CORS is to me, right now." šŸ¤“ right neow
Pobiega
Pobiegaā€¢11mo ago
Yes. Prove to me that you know what it is and how it works
S-IERRA
S-IERRAā€¢11mo ago
LMAOOOOOOOOOOOO
Pobiega
Pobiegaā€¢11mo ago
so we can continue to solve your issue because unless you are willing to learn, we can't but just fyi, its very common to disable cors during development and run a strict policy in production (assuming this is a private/internal API meant for your frontend and your frontend only) there are ofc still ways to get around it, but at least someone else cant make an alternate frontend without also making a backend
S-IERRA
S-IERRAā€¢11mo ago
Yeah I never asked for development did I
Pobiega
Pobiegaā€¢11mo ago
But your screenshot is clearly from development since the url is localhost
S-IERRA
S-IERRAā€¢11mo ago
man im gonna breaking my head against a wall in a sec šŸ˜­
S-IERRA
S-IERRAā€¢11mo ago
S-IERRA
S-IERRAā€¢11mo ago
read this please read it clearly
Pobiega
Pobiegaā€¢11mo ago
Are you actually blind? I've said TWICE now what you should do for prod https://discord.com/channels/143867839282020352/1146535228014330046/1146541102309052556
run a strict policy in production (assuming this is a private/internal API meant for your frontend and your frontend only)
MODiX
MODiXā€¢11mo ago
Pobiega
but just fyi, its very common to disable cors during development and run a strict policy in production (assuming this is a private/internal API meant for your frontend and your frontend only)
Quoted by
<@105026391237480448> from #Cors Policy Error (click here)
React with āŒ to remove this embed.
S-IERRA
S-IERRAā€¢11mo ago
Alright cool, 
        serviceCollection.AddCors(options => {
            options.AddPolicy("CORSPolicy", corsPolicyBuilder => 
                corsPolicyBuilder.WithOrigins("https://weburl.com")
                    .AllowAnyMethod()
                    .AllowAnyHeader()
                    .AllowCredentials()
                    .SetIsOriginAllowed((_) => true));
        });
        serviceCollection.AddCors(options => {
            options.AddPolicy("CORSPolicy", corsPolicyBuilder => 
                corsPolicyBuilder.WithOrigins("https://weburl.com")
                    .AllowAnyMethod()
                    .AllowAnyHeader()
                    .AllowCredentials()
                    .SetIsOriginAllowed((_) => true));
        });
is fine?
Pobiega
Pobiegaā€¢11mo ago
remove the SetIsOriginAllowed part that essentially negates the WithOrigins since you are giving it a function that returns true for any and all origins in effect, it would disable CORS
S-IERRA
S-IERRAā€¢11mo ago
alright i see ty gonna test
Pobiega
Pobiegaā€¢11mo ago
note that if you specify https, it will require https if you want both to be fine, you need to give it both
Pobiega
Pobiegaā€¢11mo ago
also, this adds the policy, you also need to apply the cors middleware with UseCors like so
S-IERRA
S-IERRAā€¢11mo ago
S-IERRA
S-IERRAā€¢11mo ago
Alr do that thats fine yes
Pobiega
Pobiegaā€¢11mo ago
yup
S-IERRA
S-IERRAā€¢11mo ago
Fixed, sorry bout any toxic messages thanks for the help
Accord
Accordā€¢11mo ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server
More Posts
ā” How to bring in DbContext?```csharp app.MapPost("/cities", async ([FromBody] City city) => { ... }); ```ā” āœ… How do you structure AzureFunctionApp project?I have azure function app project with few functions, logic and models are contained in folder with ā” Proper email backround service archHi, need help. I have a booking app in which I will send confirmation emails, thank you emails, remiā” Getting documentation from another class and putting it in another oneTitle is probably very confusing, but I'm asking if theres a way to do this ```cs /// <summary> ///ā” Creating a server for a messaging appFor a messaging app I'm developing, I've created a contacts collection (code below) which will contaāœ… Correct MVVM approach for displaying models representing settings**Given** that I have a set of models representing settings, **When** I supply then to a UI utiliziā” Smart RegexIs there some general Regex that websites apply to find the most matching alternative from a list ofā” Problem setting up ASP.NET on LinuxHi, I'm trying to setup ASP on linux but I'm getting erros like this https://cdn.discordapp.com/attā” Serilog Logs Scrambled from MultithreadingDoes anyone know how to use Serilog in a more advanced way? I have a problem in my API when I run ā” getproperties reset object properties to 0https://hatebin.com/tmqcnvqzag