2

I deployed the application on the production server of my web.api and I get the following error in the browser console (seems solved):

Access to XMLHttpRequest at
'https://ebbtelemetrywebapi.azurewebsites.net/api//events' from origin 'https://ebbwatelem.azurewebsites.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Before this error I have the following (seems solved):

POST https://localhost:44340/api/events 500

The header of the called function is the following :

public async Task<IEnumerable<CosmosDBEvents>> GetAsync([FromBody]EventsGetTwoParamsDto dto)

The DTO declaration is the following :

public class EventsGetTwoParamsDto
{
    public string DeviceIdorId { get; set; }
    public string Action2 { get; set; }
}

and the ajax call is the following :

 $.ajax({
        type:"POST",
        url: ENV.apiUrl+'/events',
        data: JSON.stringify({DeviceIdorId: ENV.deviceId, Action2 : "Pagina5"}),
        dataType: "json",
        contentType: 'application/json;charset=UTF-8',
        success: function(data){
            console.log("RISPOSTA", data);
        }
    });

The Startup.cs/ConfigurationServices method contains the lines:

 services.AddCors(); // Make sure you call this previous to AddMvc
 services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

and thr Startup.cs/Configure method contains :

   app.UseCors(         
      options=> options.AllowAnyOrigin()
                       .AllowAnyHeader()
                       .AllowAnyMethod()
                       .AllowCredentials());

What am I doing wrong?

Thanks in advance. Simone

All the issues is related to the second one solved changing the declaration of the method in the controller as shown below :

[HttpPost]
public async 
Task<IEnumerable<CosmosDBTelemetry>>GetAsync(TelemetriesTwoParamsDto dto)

Thanks to all, Simone

Simone Spagna
  • 626
  • 7
  • 27
  • 1
    In Startup.cs class ConfigureServices() Add below code `services.AddCors(options => { options.AddPolicy("AllowAllOrigins", builder1 => { builder1 .AllowAnyOrigin() .AllowAnyHeader() .AllowAnyMethod() .AllowCredentials(); }); });` In the same class Configure method you have to add `app.UseCors("AllowAllOrigins")` – bhathiya.m Jul 30 '19 at 05:59
  • Possible duplicate of [How to enable CORS in ASP.NET Core](https://stackoverflow.com/questions/31942037/how-to-enable-cors-in-asp-net-core) – Reyan Chougle Jul 30 '19 at 06:06
  • I can see that your web app is hosted on azure. In azure there is a setting to enable cors. [Azure CORS Configuration](https://social.msdn.microsoft.com/Forums/azure/en-US/5bd37aa7-eed7-4ddd-a560-c36a09e1674d/how-can-i-enable-the-cors-on-my-app-hosted-on-azure-portal?forum=windowsazurewebsitespreview) – bhathiya.m Jul 30 '19 at 06:14
  • See Azure storage cors configuration: https://learn.microsoft.com/en-us/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services – Harshad Vekariya Jul 30 '19 at 06:21

2 Answers2

3

You might be misplacing the code.

public void ConfigureServices(IServiceCollection services)
{
        services.AddCors(options =>
        {
            options.AddPolicy("AllowAnyOrigin",
                builder => builder
                .AllowAnyOrigin()
                .AllowAnyMethod()
                .AllowAnyHeader());
        });

        // other code           
}

public void Configure(IApplicationBuilder app)
{
    app.UseCors("AllowAnyOrigin");

    // ...
}
Harshad Vekariya
  • 972
  • 1
  • 7
  • 28
0

You can try adding the default policy to ConfigureServices method:

public void ConfigureServices(IServiceCollection services)
{
    services.AddCors(options =>
    {
        options.AddDefaultPolicy(builder =>
        {
            builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();
        });
    }

    // (...)
}

See ASP.NET Core CORS documentation section for reference.

You can also try adding "AllowedHosts": "*" to appsettings.json file.

miCHolo
  • 21
  • 6