C#•15mo ago

❔ Cors Policy Error

When ever my front-end tries to communicate with my back-end I receive this error, any ideas why? https://cdn.discordapp.com/attachments/1136302991666843680/1146527808072454144/image.png

42 Replies

Pobiega•15mo ago

Yes. Your frontend isnt running at the same host/port as the backend, and you have not disabled CORS

S-IERRAOP•15mo ago

Yes, so in that case should I disable it or is there any other solution

Pobiega•15mo ago

You could configure CORS to allow the frontend specifically, and maybe run that configuration only in development you dont want a CORS policy that allows a "localhost:xxxx" in production 🙂

S-IERRAOP•15mo ago

hmm why would that be? port of frontend shouldnt change also if I can allow that in development only what would you suggest for prod

Pobiega•15mo ago

did you miss the "in production" part? well I dont know how you plan on hosting this in production if the FE runs on a different host than your BE, you'll need to have a CORS policy for that I'm hoping its obvious why you dont want to allow localhost in production...

S-IERRAOP•15mo ago

No it isn't obvious, and no I didn't miss the in-production part, thats why i specifically asked what you'd do for a production scenario

Pobiega•15mo ago

Then I suggest you go read up on what CORS is because if its not obvious, you don't understand CORS

S-IERRAOP•15mo ago

You do realise this is a support server right

Pobiega•15mo ago

Sure. Doesn't mean I have to explain everything.

S-IERRAOP•15mo ago

Okay, sounds great, anyway, I asked what to do in a production scenario

Pobiega•15mo ago

And its not a support server as in "ask questions, get code" its "ask questions, get information" You need to understand what purpose CORS has and what it does and how it works to be able to configure a suitable policy.

S-IERRAOP•15mo ago

Your anwser contains nothing

S-IERRAOP•15mo ago

This is not an anwser This is just "erm go look it up"

MODiX•15mo ago

Pobiega

You could configure CORS to allow the frontend specifically, and maybe run that configuration only in development

Quoted by

<@105026391237480448> from #Cors Policy Error (click here)

React with ❌ to remove this embed.

MODiX•15mo ago

Pobiega

if the FE runs on a different host than your BE, you'll need to have a CORS policy for that

Quoted by

<@105026391237480448> from #Cors Policy Error (click here)

React with ❌ to remove this embed.

Pobiega•15mo ago

These are answers. I'm not going to write the code for you. or as I previously mentioned, disable CORS thats also an option, still

S-IERRAOP•15mo ago

auth not working? disable auth 👍

Pobiega•15mo ago

Explain what CORS is to me, right now. and how it works

S-IERRAOP•15mo ago

are you feeling okay 💀

Pobiega•15mo ago

equating it to auth is an apples to oranges of major proportions lol

S-IERRAOP•15mo ago

"Explain what CORS is to me, right now." 🤓 right neow

Pobiega•15mo ago

Yes. Prove to me that you know what it is and how it works

S-IERRAOP•15mo ago

LMAOOOOOOOOOOOO

Pobiega•15mo ago

so we can continue to solve your issue because unless you are willing to learn, we can't but just fyi, its very common to disable cors during development and run a strict policy in production (assuming this is a private/internal API meant for your frontend and your frontend only) there are ofc still ways to get around it, but at least someone else cant make an alternate frontend without also making a backend

S-IERRAOP•15mo ago

Yeah I never asked for development did I

Pobiega•15mo ago

But your screenshot is clearly from development since the url is localhost

S-IERRAOP•15mo ago

man im gonna breaking my head against a wall in a sec 😭

S-IERRAOP•15mo ago

S-IERRAOP•15mo ago

read this please read it clearly

Pobiega•15mo ago

Are you actually blind? I've said TWICE now what you should do for prod https://discord.com/channels/143867839282020352/1146535228014330046/1146541102309052556

run a strict policy in production (assuming this is a private/internal API meant for your frontend and your frontend only)

MODiX•15mo ago

Pobiega

but just fyi, its very common to disable cors during development and run a strict policy in production (assuming this is a private/internal API meant for your frontend and your frontend only)

Quoted by

<@105026391237480448> from #Cors Policy Error (click here)

React with ❌ to remove this embed.

S-IERRAOP•15mo ago

Alright cool,

        serviceCollection.AddCors(options => {
            options.AddPolicy("CORSPolicy", corsPolicyBuilder => 
                corsPolicyBuilder.WithOrigins("https://weburl.com")
                    .AllowAnyMethod()
                    .AllowAnyHeader()
                    .AllowCredentials()
                    .SetIsOriginAllowed((_) => true));
        });

        serviceCollection.AddCors(options => {
            options.AddPolicy("CORSPolicy", corsPolicyBuilder => 
                corsPolicyBuilder.WithOrigins("https://weburl.com")
                    .AllowAnyMethod()
                    .AllowAnyHeader()
                    .AllowCredentials()
                    .SetIsOriginAllowed((_) => true));
        });

is fine?

Pobiega•15mo ago

remove the SetIsOriginAllowed part that essentially negates the WithOrigins since you are giving it a function that returns true for any and all origins in effect, it would disable CORS

S-IERRAOP•15mo ago

alright i see ty gonna test

Pobiega•15mo ago

note that if you specify https, it will require https if you want both to be fine, you need to give it both

Pobiega•15mo ago

also, this adds the policy, you also need to apply the cors middleware with UseCors like so

S-IERRAOP•15mo ago

Alr do that thats fine yes

Pobiega•15mo ago

yup

S-IERRAOP•15mo ago

Fixed, sorry bout any toxic messages thanks for the help

Accord•15mo ago

Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.

Gaming

Programming

❔ Cors Policy Error