Clever Geek Handbook

No header "Access-Control-Allow-Origin" - asp.net core web api targeting.net framework 4.5.1

I have a server side RESTful API that was built in C # targeting the .NET Framework 4.5.1 and a CORS configuration that I don't seem to work ...

public void ConfigureServices(IServiceCollection services) {

        services.AddCors(options => {
            options.AddPolicy("AllowAll",
                    builder => {
                        builder.AllowAnyOrigin()
                               .AllowAnyMethod()
                               .AllowAnyHeader()
                               .AllowCredentials();
                    });
        });

        // Add framework services.
        services.AddMvc();
        services.AddOptions();
    }

public void Configure(IApplicationBuilder app, IHostingEnvironment env, 
ILoggerFactory loggerFactory) {
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        if (env.IsDevelopment()) {
            app.UseDeveloperExceptionPage();
        }

        var options = new JwtBearerOptions {
            Audience = "MyAudience"
            Authority = "MyAuthority"
        };

        app.UseJwtBearerAuthentication(options);
        app.UseCors("AllowAll");
        app.UseMvc();
    }

Everytime I make below API call in my controller

[Authorize]
[HttpGet]
public Task<JsonResult> Get() {

ICollection<string> abc;
try {
    abc = new List<string>(){"A", "B", "C"};
} catch (Exception) {
    abc = null;
}
return Json(abc);
}

I am getting the following error ...

"XMLHttpRequest cannot load x The response to the preflight check does not pass the access control check: the requested resource is missing the" Access-Control-Allow-Origin "header. Therefore, the original address" x "is not allowed. Has an HTTP status code of 502."

There is an "Authorization" header in the http request from my client, which triggers the presale response, it has a valid token, etc., so it has nothing to do with that part.

In fact, if I create the same RESTful API targeting .NET Core 1.0, it works as expected. This leads me to think there is a CORS issue and targeting .NET Framework 4.5.1, or there is some explicit logic that I have to add that is otherwise handled by .NET Core 1.0.

I understand that CORS middleware has to handle all of this, does anyone know what might be here?

EDIT:

I forgot to mention that this works fine as localhost, I only see this issue after deployment. Also, I tested this targeting .NET Framework 4.6.2 and the problem persisted.

+3


source to share


1 answer


This was allowed.

https://github.com/aspnet/Tooling/blob/master/known-issues-vs2017.md#aspnet-core-known-issues

Different versions of visual studio 2017 were used, and some projects / dependencies were targeting .NET Framework 1.0 and others targeting NetNet 1.1, which necessitated different due dates.



After we synchronized with the newest VS2017 (15.2.26430.13) target .Net Core 1.1 and installed the new runtime on the server, the problem went away.

The CORS error above was actaully a side effect of the 502 (Bad Request) error I was missing from the callstack ...

+3


source






More articles:


All Articles