How to enable Cross-Origin Requests (CORS) in Asp.Net Core MVC?

Total Page Preview: 000000000192

How to enable Cross-Origin Requests (CORS) in Asp.Net Core MVC?

Cross-Origin Resource Sharing (CORS)

Cross-Origin Resource Sharing (CORS) is a security feature implemented by web browsers to restrict web pages from making requests to a different domain than the one that served the web page. However, there are scenarios where you need to enable CORS in your ASP.NET Core application to allow cross-origin requests, such as when building a web API that needs to be consumed by a client application hosted on a different domain. To enable CORS in ASP.NET Core, you can follow these steps:

Step 1: Install the CORS Middleware Package

Ensure that you have the Microsoft.AspNetCore.Cors package installed in your ASP.NET Core project. You can do this using the Package Manager Console or by adding it to your project's .csproj file. Here's an example using the .NET CLI:

Step 2: Configure CORS in Startup.cs

In your Startup.cs file, locate the ConfigureServices method and add CORS policy configuration using the AddCors method:

In the code above, we've added a CORS policy named "AllowSpecificOrigin" that allows requests from the "http://example.com" origin. You can replace this with the origin(s) you want to allow. The .AllowAnyHeader() and .AllowAnyMethod() methods allow any headers and HTTP methods in the cross-origin request.

Step 3: Apply the CORS Policy

Next, in the Configure method of Startup.cs, add the UseCors middleware to apply the CORS policy:

Make sure to place app.UseCors before any other middleware that might process requests.

Step 4: Handle CORS Preflight Requests (Optional)

For some requests, especially those with custom headers or HTTP methods other than the basic ones (GET, POST, PUT, DELETE), the browser may send a preflight request (OPTIONS) to check if the server allows the actual request. You can handle these preflight requests by adding a separate CORS policy with the .AllowAnyMethod() and .AllowAnyHeader() methods, or by using the .AllowAnyOrigin() method, but be cautious about using this option as it allows any origin to access your API:

Then, in your Configure method, add app.UseCors to apply this policy:

Step 5: Test CORS Configuration

With CORS configured, your ASP.NET Core application should now allow cross-origin requests from the specified origins. Test your CORS configuration by making requests from your client application hosted on the allowed domains to your ASP.NET Core API.

Remember that CORS policies can vary depending on your specific requirements and security considerations. Always configure CORS to be as restrictive as necessary for your application's security needs.

Thank You

About Author

Brijesh Kumar

Database Developer

I have more then 6 years Experience in Microsoft Technologies - SQL Server Database, ETL Azure Cloud - Azure SQL Database, CosmosDB, Azure Data Factory, PowerBI, Web Job, Azure Function, Azure Storage, Web Apps, Powershall and Database Migration On-Premise to Azure Cloud.
LinkedIn : https://www.linkedin.com

Comments


Please enter your comment.
Please enter your Email-Id. Please enter valid Email-Id
Please enter your name.

Notify me of new comments via email. Notify me of new posts via email.