3

I have two applications running locally. One is an ASP.NET Core Web API (http://localhost:8081) serving up JSON responses. The other is a Javascript app (http://localhost:8080) making calls to the API. The API endpoint I'm testing with is a POST request and I've confirmed with Fiddler that this endpoint is working.

When I make the POST request from my Javascript app in Chrome I see this error:

Failed to load http://localhost:8081/api/search: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.

However, this is the full content of my API's Startup:

public Startup(IConfiguration configuration)
{
    Configuration = configuration;
}

public IConfiguration Configuration { get; }

public void ConfigureServices(IServiceCollection services)
{
    services
        .AddMvcCore()
        .AddJsonFormatters()
        .AddCors(options =>
        {
            options.AddPolicy("DefaultCorsPolicy",
                builder => builder
                    .WithOrigins("http://localhost:8080")
                    .AllowAnyMethod());
        });
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseCors("DefaultCorsPolicy");

    app.UseMvc();
}

I've followed the Microsoft docs, so I'm not sure what I've missed.

Here is the raw response I get from this endpoint in Fiddler:

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Server: Kestrel
X-Powered-By: ASP.NET
Date: Sat, 10 Mar 2018 09:23:46 GMT
Content-Length: 37

[{"id":1,"name":"lorem ipsum dolor"}]

As you can see, no Access-Control-Allow-Origin header is present.

Improve this question
8
  • Can you show us the response message when calling localhost:8081 ? Commented Mar 10, 2018 at 9:33
  • I've added to the end of my question. I've also re-ordered the UseCors and UseMvc statements after reading this (weblog.west-wind.com/posts/2016/Sep/26/…), but this hasn't changed the behaviour. Commented Mar 10, 2018 at 9:38
  • Working well for me, try rebuilding the API solution. Commented Mar 10, 2018 at 10:12
  • @getsetcode try to add .AllowAnyHeader() as well Commented Mar 10, 2018 at 10:52
  • @orel-eraki Thanks for checking. I've rebuilt many times with many variations of the configuration. I must be missing something but I can't imagine what. Commented Mar 10, 2018 at 11:27

1 Answer 1

Reset to default
2

You can try to configure CORS options right in services.UseCors() call, rather than services.AddCors(). 

public void ConfigureServices(IServiceCollection services)
{
    services.AddCors();
    services.AddMvcCore();
    ...
}


public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseCors(builder => builder
        .WithOrigins("http://localhost:8000")
        .AllowAnyHeader()
        .AllowAnyMethod()
    );

    app.UseMvcCore();
    ...
}

Note: Test it by Clearing the client side cache if any. On Chrome > F12 > Network Tab > Tick Disable Cache check box > Refresh the page.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.