1

I'm developing a web application based on an Angular 6 client and ASP.NET Core WebAPI for web services.

At the moment (initial development phase) i have a simple architecture that consists of two web services, one that manages authentication and identities, the other one that holds the applicative logic (business logic, updating db, ecc.).

I'm using JWT Bearer token for client authentication.

Everything works fine with my authentication service, but when I try to call the application service I obtain this error in the Chrome browser console:

Failed to load http://localhost:59207/api/Files/Upload: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 500.

This error is preceded by another one:

POST http://localhost:59207/api/Files/Upload 500 (Internal Server Error)

Is, in some way, the second error I get related to the Internal Server Error it is preceded by?

I test my POST call from Postman and everything works fine, no server-side errors and the data i want back from my service is returned.

I already put in place everything I know about CORS in ASP.NET Core.

Startup class method named "ConfigureServices" contains, as first row:

        services.AddCors(options =>
        {
            options.AddPolicy("AllowAll",
                builder =>
                {
                    builder
                    .AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowAnyHeader()
                    .AllowCredentials();
                });
        });

Then this is called in the "Configure" method:

app.UseCors("AllowAll");

Also I put the EnableCors Attribute on every controller class like this:

[EnableCors("AllowAll")]

Anyone has an idea of how I can get out of this mess? From what I get, this is how CORS is intended to be used and I already got it running this way on other projects (but never with ASP.NET Core 2).

Thank you in advance

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
mororo
  • 1,074
  • 2
  • 11
  • 28
  • I had an issue resulting in similar behaviour. I had to ensure that app.UseCors was called before anything else. – Corporalis Aug 20 '18 at 15:37
  • Sorry just to provide some context, it should be called before app.UseMvc and app.UseStaticFiles – Corporalis Aug 20 '18 at 15:45
  • Yes, the line you see it's called before anything else. Regarding the Internal server error path, I would like to clarify that, from a tool like Postman, i receive no Internal server error; debug hits the breakpoint at the start of my controller action and everything works fine. – mororo Aug 20 '18 at 16:30

1 Answers1

0

This may not be an answer to your situation, but I've run into this issue quite often in the past. It's a Chrome issue when talking between two localhosts upon POST requests.

Try using another browser and see if it works; if so, you can continue using Chrome by disabling Security

chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security

hope this helps.

farzaaaan
  • 410
  • 3
  • 9
  • 1
    I don't think that disabling browser security would help. What about my final users? How do I manage their browser security status? – mororo Aug 20 '18 at 16:31
  • it's not going to impact the final user, the issue is when `chrome` is running a `localhost:xxxx` front-end, trying to _CORS_ into a `localhost:xxx` api that it causes this issue. So if you set up your front-end to be accessible locally under IIS via `exampleHostName` instead of `localhost:xxxx` the issue would go away. [see here for more details](https://stackoverflow.com/questions/10883211/deadly-cors-when-http-localhost-is-the-origin) – farzaaaan Aug 21 '18 at 00:25
  • Oh ok, got it! I will try and report feedback, thanks for now! – mororo Aug 21 '18 at 06:36