2

I am unable to make cors work angular .net core 2.1 I get this error:

Access to XMLHttpRequest at 'https://dev...SaveAPP' from origin 'https://page' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

this is my startup.cs

public void ConfigureServices(IServiceCollection services)
{
    services.AddCors(options =>
    {
        options.AddPolicy("AllowAll",
            builder => builder.WithOrigins("http://localhost:4200", "https://e.corpintra.net", "https://specit-dtna-dev.e.corpintra.net", "https://specit-dtna.e.corpintra.net", "https://specit-dtna-test.e.corpintra.net")
                                  .AllowAnyMethod()
                                  .WithExposedHeaders("content-disposition")
                                  .AllowAnyHeader()
                                  .AllowCredentials()
                                  .SetPreflightMaxAge(TimeSpan.FromSeconds(3600)));
    });

    services.Configure<MvcOptions>(options =>
    {
        options.Filters.Add(new CorsAuthorizationFilterFactory("AllowAll"));
    });

    services.AddMvc().AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());
    services.AddAuthentication(IISDefaults.AuthenticationScheme);
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    if (env.IsProduction() || env.IsStaging())
    {
        app.UseExceptionHandler("/Error");
    }
    // app.UseCorsMiddleware();
    app.UseCors("AllowAll");
    //    app.UseCors(builder =>
    //          builder.WithOrigins("http://localhost:4200", "http://localhost:5000")
    //.AllowAnyOrigin()
    //.AllowAnyHeader()
    //.AllowAnyMethod());

    app.UseMvc();
}

from angular I am using an interceptor

intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {

    request = request.clone({
      withCredentials: true
    });
    return next.handle(request);
}

my api is both windows authentication and anonymous authentication enabled.

this is on an intranet.

Improve this question

1 Answer 1

Reset to default
1

(SOLVED) I had been getting a similar error while trying to convert the Tour of Heroes Angular 7 Demo to make REST calls to a remote MySQL DB. I had even tried moving the Apache server to my local machine:

Access to XMLHttpRequest at 'http://localhost/angular-php-app/backend' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

The SOLUTION, I found it here -> http://blog.wsoft.se/category/tips-tricks/

Here is what I did within my angular app:

install the cors-proxy-server

/tour-of-heroes-mysql>npm install -g cors-proxy-server

...Roaming\npm\cors-proxy-server -> ...Roaming\npm\node_modules\cors-proxy-server\index.js
+ [email protected]
added 8 packages from 10 contributors in 2.376s

Started it up

tour-of-heroes-mysql>HOST=127.0.0.1 PORT=9090 cors-proxy-server &
[1] 17172
/tour-of-heroes-mysql>[Sun Jan 27 2019 10:52:13 GMT-0500 (Eastern Standard Time)] - CORS Proxy Server started on 127.0.0.1:9090

edit heroes.service to change the URL to include the proxy

    private heroesUrl = 'http://localhost/angular-php-app/backend';  // URL to web api
-->  private heroesUrl = 'http://localhost:9090/http://localhost/angular-php-app/backend'

Saved the changes and IT WORKED!!!!

NOTE: Had some problems with "PUT" operations, not sure if the proxy was handling those properly. Found this as a better solution using CHROME, just disable the check by adjusting the Windows Properties on the target, to this:

 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="C:/ChromeDevSession"

(NOTE - you will get a warning 'unsupported' when you start CHROME, but it works. Make a special shortcut on your desktop, use ONLY FOR TESTING)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.