CORS doesn't work on ASP.NET Core 1.1

Question

I am trying to enable "*" CORS headers on application startup:

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc(opts =>
    {
        opts.Filters.Add(new AuthorizationFilterFactory());
    });

    services.AddCors(opts => opts.AddPolicy("*",
        builder => builder
          .AllowAnyHeader()
          .AllowAnyMethod()
          .AllowAnyOrigin()
          .AllowCredentials()));

    services.AddSwaggerGen();
    services.ConfigureSwaggerGen(opts =>
    {
        opts.SingleApiVersion(new Info { Version = "v1", Title = "CORS app" });
    });
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseCors("*");
    app.UseSwagger();
    app.UseSwaggerUi();
    app.UseMiddleware(typeof(ExceptionHandlingMiddleware));
    app.UseMvc();
}

The headers don't show up. Tried to request my resources with Ajax from a different domain and I am getting:

415 (Unsupported Media Type)

Tried with JS:

$.post("http://example.com/some-api", JSON.stringify({"name": "hello"}));

Any ideas? Maybe something wrong with the order of middleware registrations?

UPDATE: Apparently this CORS library adds headers only when it identifies XHR cross-origin requests. It suddenly started working for me. Thanks everyone for your comments.

Just an idea from the back of my memory, how about you try to use [CorsPolicyBuilder class](https://learn.microsoft.com/en-us/aspnet/core/api/microsoft.aspnetcore.cors.infrastructure.corspolicybuilder)? If I remember correctly my friend used it in Core 1.0 and it solved all problems — MaLiN2223, May 14 '17 at 15:47
@MaLiN2223 thanks for your comment. The builder that is used inside `AddCors` is actually CorsPolicyBuilder. What exactly do you propose? — Andrei, May 14 '17 at 15:51
@MaLiN2223 yes, I did. This is just a policy name. Doesn't matter how you call it. As long as it matches `app.UseCors(policyName: "*");` — Andrei, May 14 '17 at 15:56
Post your js request code. My guess is you aren't using the correct content type/accept header (`application/json` e.g.) — Mardoxx, May 14 '17 at 16:16
@Mardoxx I used pretty simple JS. I also was checking headers with Postman. — Andrei, May 14 '17 at 16:21
Does it work using Postman? What's your controller's action look like? JQuery uses `application/x-www-form-urlencoded` by default so if you are expecting json in your action it likely won't bind properly. Try with a request like this http://stackoverflow.com/a/5529700/3515174 — Mardoxx, May 14 '17 at 16:25
@Mardoxx totally my fault. I fixed the request and it started working for me. — Andrei, May 14 '17 at 16:46
@Andrei Could you please point out what you've changed to make this work? I got the same problem! — Rafael, Aug 15 '17 at 11:53
@Lobato make sure you're sending correct request. Headers may not appear if you use Postman or other HTTP Client. With the setup that you see in the question it should be working fine. — Andrei, Aug 15 '17 at 13:46
Just asked a question here (context): https://stackoverflow.com/questions/45694008/cross-origin-request-blocked-missing-token-access-control-allow-headers-no?noredirect=1#comment78346197_45694008 — Rafael, Aug 15 '17 at 13:49

CORS doesn't work on ASP.NET Core 1.1

0 Answers0