0

I built an ASP.NET core Web API (net core 3.1), and I try to enable CORS but it seems not working.

Startup.cs:

public void ConfigureServices(IServiceCollection services)
{
    services.AddCors(options =>
    {
        options.AddPolicy("AllowMyOrigin",
        builder =>
        {
            builder.SetIsOriginAllowed(t => true)
            .AllowCredentials();
        });
    });
    ...
}


public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    //app.UseHttpsRedirection();


    app.UseRouting();

    app.UseCors("AllowMyOrigin");

    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
    });
    app.UseHttpsRedirection();
}

Controller:

[Route("api/[controller]")] 
[ApiController]
public class airdata_updateController : ControllerBase
{
    [EnableCors("AllowMyOrigin")]
    [HttpGet]
    public string test()
    {
        return "ok";
    }

    ...
}

I use Postman test my API on local computer and it working well: local computer

But I use Postman on other computer in the same LAN to call my API, it failed: other computer

What should I do?

Morteza Asadi
  • 1,819
  • 2
  • 22
  • 39
Kevin Tang
  • 1
  • 1
  • 1
    That's not a CORS issue at all. The error message **says right there** that you have a connection timeout issue. Check your firewall settings and if your development web-server is configured to allow remote connections. – Dai Jul 12 '20 at 04:13
  • You need listen not only in local host, you need also listen in local network interface. – denys-vega Jul 12 '20 at 04:15
  • help link: https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-3.1 and https://stackoverflow.com/questions/44379560/how-to-enable-cors-in-asp-net-core-webapi – Amin Golmahalleh Jul 12 '20 at 04:32
  • Thank you, Dai! You are right, it is firewall issue. – Kevin Tang Jul 12 '20 at 05:31

2 Answers2

0

Try this:

    public void ConfigureServices(IServiceCollection services)
    {
        ...
        
         services.AddCors();

        ...
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
       ...
       
        app.UseCors(
            options => options.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod()
        );

       ...
    }

You won't need any decorators in your controller methods, the specified CORS policy ( AllowAnyOrigin, AllowAnyHeader, AllowAnyMethod) is applied in all of them. In order to customize the policy, check https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-3.1

Victor Gazzinelli
  • 91
  • 4
  • 10
0

maybe this option can help you.

services.AddCors(options =>
            {
                options.AddPolicy("AllowMyOrigin",
                    builder => builder
                        .AllowAnyMethod()
                        .AllowAnyHeader()
                        .AllowAnyOrigin()

                );
            });
foad abdollahi
  • 1,733
  • 14
  • 32