1

I have followed the guidelines listed in the Microsoft article: Enable Cross-Origin Requests (CORS) in ASP.NET Core and I am still unable to access the API from the local vue website or PostMan. Any suggestions?

Here is what is defined in AllowedHosts:

"AllowedHosts": "http://localhost;http://localhost:8080"

Here is the startup class:

using App.Core.Data;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

namespace App.Core
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddDbContext<ImportContext>((builder) =>
            {
                builder.UseSqlServer(Configuration.GetConnectionString("ParsingAppDb"));
            });
            services.AddDbContext<CodeAdminContext>((builder) =>
            {
                builder.UseSqlServer(Configuration.GetConnectionString("ParsingAppDb"));
            });
            services.AddScoped(typeof(IImportContext), typeof(ImportContext));
            services.AddScoped(typeof(ICodeAdminContext), typeof(CodeAdminContext));
            services.AddTransient(typeof(Logic.IImporter), typeof(Logic.Importer));
            services.AddTransient(typeof(Logic.I2964Procssor), typeof(Logic.Processor_2964));
            services.AddTransient(typeof(Logic.I2965Procssor), typeof(Logic.Processor_2965));

            var allowedHosts = Configuration.GetValue(typeof(string), "AllowedHosts") as string;
            services.AddCors(options =>
            {
                options.AddDefaultPolicy(
                    builder =>
                    {
                        if (allowedHosts == null || allowedHosts == "*")
                        {
                            builder.AllowAnyOrigin()
                                .AllowAnyMethod()
                                .AllowAnyHeader();
                            return;
                        }
                        string[] hosts;
                        if (allowedHosts.Contains(';'))
                            hosts = allowedHosts.Split(';');
                        else
                        {
                            hosts = new string[1];
                            hosts[0] = allowedHosts;
                        }
                        builder.WithOrigins(hosts)
                        .AllowAnyMethod()
                        .AllowAnyHeader()
                        .AllowCredentials();
                    });
            }); services.AddControllers();

        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseHttpsRedirection();

            app.UseRouting();

            app.UseCors();

            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }
}

Even using fiddler does not show anything helpful, just the denied call. Conversely if I set it to any origin I can get PostMan to work but the vue website then returns that no Accept-Control was set.

Update: And I already have the Microsoft.AspNetCore.Cors package installed.

Neville Kelly
  • 143
  • 8
  • Side note: I believe you can simply write `Configuration.GetValue("AllowedHosts")` (as opposed to `typeof(string)` and `as string`). – ProgrammingLlama Apr 17 '20 at 00:12
  • 1
    Side note 2 :) - there's no need to check for the ";" just to see if it should be split. Just call the Split() method - if there aren't any ";"'s, then the string array will be set to the lone value - `var hosts = allowedHosts.Split(';', StringSplitOptions.RemoveEmptyEntries); ` – Frank Alvaro Apr 17 '20 at 00:40
  • Noted, thank you both for the suggestions. – Neville Kelly Apr 17 '20 at 03:51
  • 1
    Postman does not care about same origin policy. If you're unable to make a request with Postman, chances are that the problem is not related with CORS at all. – Pablo Recalde Apr 17 '20 at 14:50

1 Answers1

0

I found the problem. It is the configuration value:

"AllowedHosts": "http://localhost;http://localhost:8080"

Apparently this value is used in another way, creating a separate Cors section and placing the allowed cors hosts there and then changing the AllowedHosts value back to * fixed the issue.

Neville Kelly
  • 143
  • 8