0

I find it very confusing as I know of three different Cors packages. Reading the following:

How to make CORS Authentication in WebAPI 2?

It would seem that a person with a similar architecture to mine is using Microsoft.Owin.Cors package on their API Server. I have a WebAPI back-end with Identity 2, token bearer authentication but I have been able to get everything working using WebAPI 2.1 Cors only.

Can someone explain what's the reason for adding Microsoft.Owin.Cors? Note that for my needs I just need all interactions to be through the WebAPI controllers.

Community
  • 1
  • 1
Samantha J T Star
  • 30,952
  • 84
  • 245
  • 427

1 Answers1

1

  • Microsoft.Owin.Cors : use it to enable CORS for all cross-origins requests coming to your site, so if you use Web API and SignalR and you want to enable CORS for both use "Microsoft.Owin.Cors" library.

  • Microsoft.AspNet.WebApi.Cors : use it to enable the CORS request ONLY for the Web APIs.

Note that if you tried to use both and Enable CORS via both libraries you will end up having the error of multiple cors allow headers since both will add the "Access-Control-Allow-Origin" header to your response.

Hope that helps.

Omar.Alani
  • 4,050
  • 2
  • 20
  • 31