
I need to redirect the user to another page. When I finally understood that my problem was CORS blocking the request, I tried to figure out how to enable CORS for the specific URL I am trying to redirect to, without any luck. Maybe someone could spot my mistake?

  /// <summary>
  /// Builds the HTTP request pipeline. Middleware runs in the order it is registered here,
  /// so the relative position of each Use* call matters.
  /// </summary>
  /// <param name="app">Application builder the middleware is added to.</param>
  /// <param name="env">Hosting environment; selects development or production error handling.</param>
  public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            // Detailed exception pages and Browser Link are enabled in development only.
            app.UseDeveloperExceptionPage();
            app.UseBrowserLink();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }
        app.UseHttpsRedirection();
        // Gives the scheduler's job factory access to the application's service provider.
        _scheduler.JobFactory = new AspnetCoreJobFactory(app.ApplicationServices);
        app.UseSession();
        app.UseStaticFiles();
        // NOTE(review): UseCors is registered before UseRouting here. The ASP.NET Core docs place
        // it after UseRouting and before UseAuthorization.
        // The policy only controls the CORS headers this application sends on its own responses;
        // it cannot change how another site (for example the target of a redirect) answers a
        // browser's preflight request.
        app.UseCors(MyAllowSpecificOrigins);
        // NOTE(review): UseAuthentication is also ahead of UseRouting; the documented order is
        // UseRouting, UseCors, UseAuthentication, UseAuthorization.
        app.UseAuthentication();
        app.UseRouting();
        app.UseAuthorization();
        // NOTE(review): cookie policy middleware only affects middleware registered after it, so
        // at this position it does not apply to cookies written by UseSession or
        // UseAuthentication above.
        app.UseCookiePolicy();
        app.UseEndpoints(endpoints =>
        {
            // Conventional MVC route; a request to "/" resolves to Users/Dashboard.
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Users}/{action=Dashboard}/{id?}");
        });
    }

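/// <summary>
/// Registers the application's services: HTTPS redirection, CORS, MVC, Identity, EF Core,
/// session state, the scheduler components and Facebook external login.
/// </summary>
/// <param name="services">Service collection the registrations are added to.</param>
public void ConfigureServices(IServiceCollection services)
    {
        // The Facebook credentials are read from configuration rather than kept in source.
        FACEBOOK_APP_ID = _config.GetValue<string>("FACEBOOK_APP_ID");
        FACEBOOK_APP_SECRET = _config.GetValue<string>("FACEBOOK_APP_SECRET");

        services.AddHttpsRedirection(options =>
        {
            options.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect;
            options.HttpsPort = 44300;
        });
        services.AddHttpClient();

        // NOTE(review): despite the policy name, this policy admits every origin, method and
        // header. Once the calling origins are known, list them with WithOrigins(...) instead
        // of AllowAnyOrigin(). The policy governs only the CORS headers on this application's
        // own responses; it has no effect on how other sites answer cross-origin requests.
        services.AddCors(options =>
        {
            options.AddPolicy(name: MyAllowSpecificOrigins,
                              builder =>
                              {
                                  builder.AllowAnyOrigin()
                                         .AllowAnyMethod()
                                         .AllowAnyHeader();
                              });
        });
        services.AddMvc();
        // NOTE(review): a null AllowedUserNameCharacters switches off Identity's check of which
        // characters a user name may contain - confirm this is intended.
        services.AddIdentity<ApplicationUser, IdentityRole>(options => options.User.AllowedUserNameCharacters = null).AddEntityFrameworkStores<AppDbContext>();
        services.AddControllersWithViews();
        services.AddDbContextPool<AppDbContext>(options => options.UseSqlServer(_config.GetConnectionString("AutoLoverDbConnection"), x => x.MigrationsAssembly("AutoMatcherProjectAss")).UseQueryTrackingBehavior(QueryTrackingBehavior.NoTracking));
        // NOTE(review): this registers AppDbContext a second time, as transient, after the
        // pooled registration above - confirm that both are intended.
        services.AddTransient<AppDbContext>();
        services.AddSingleton<IActionContextAccessor, ActionContextAccessor>();
        services.AddSingleton<ISessionManager, ClientSIdeSessionManager>();
        // One registration of IHttpContextAccessor is enough; a separate AddSingleton for the
        // same service only adds a duplicate descriptor.
        services.AddHttpContextAccessor();
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => false;
            // NOTE(review): SameSiteMode.None is the least restrictive floor; raise it unless a
            // cross-site flow is known to need it.
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });
        services.AddDistributedMemoryCache();
        // Session is registered once, together with its options.
        services.AddSession(options =>
        {
            options.IdleTimeout = TimeSpan.FromMinutes(60); // idle timeout of the session
            options.Cookie.HttpOnly = true;
            // NOTE(review): the session cookie is HttpOnly but not marked Secure. With HTTPS
            // enforced, options.Cookie.SecurePolicy = CookieSecurePolicy.Always would keep it
            // off plain HTTP.
        });
        services.AddTransient<ISche, SchedulerImpl>();
        services.AddTransient<IQueue, QueueImpl>();
        services.AddTransient<SchedulerJob>();
        services.AddTransient<IBotFactory, BotFactory>();
        services.AddTransient<IJsonFactory, JsonFactory>();
        services.AddTransient<ICredentialDb, CredentialDb>();
        // The same scheduler instance is shared by every consumer.
        services.AddSingleton(provider => _scheduler);
        services.AddAuthentication().AddFacebook(options =>
        {
            options.AppId = FACEBOOK_APP_ID;
            options.AppSecret = FACEBOOK_APP_SECRET;
            // Keeps the tokens issued by Facebook in the authentication properties after sign-in.
            options.SaveTokens = true;
        });

        // Presumably empties the scheduler at startup; see its Clear implementation for details.
        _scheduler.Clear();
    }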

the controller :

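    /// <summary>
    /// Responds to the POST with a redirect to https://www.instagram.com/.
    /// </summary>
    /// <remarks>
    /// When this action is called through XMLHttpRequest, the browser follows the redirect
    /// inside the same request. That makes it a cross-origin call which the target site must
    /// allow through its own CORS headers; the CORS policy of this application has no say in
    /// it. Only a top-level navigation (a form post or a link) moves the user to the new page.
    /// NOTE(review): this POST action carries no antiforgery validation; add it before the
    /// action does more than redirect.
    /// </remarks>
    /// <param name="service">Service chosen by the user; not used by the action yet.</param>
    /// <returns>A redirect result pointing at https://www.instagram.com/.</returns>
    [HttpPost]
    public Task<IActionResult> AuthenticateInstagramAPI(Service service)
    {
        // Nothing is awaited, so the result is wrapped directly instead of marking the
        // method async (which only produced a compiler warning).
        return Task.FromResult<IActionResult>(new RedirectResult("https://www.instagram.com/"));
    }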

the error:

Access to XMLHttpRequest at 'https://www.instagram.com/' (redirected from 'https://localhost:44300/Actions/AuthenticateInstagramAPI') from origin 'https://localhost:44300' has been blocked by CORS policy: Request header field x-requested-with is not allowed by Access-Control-Allow-Headers in preflight response.

EDIT----------

the client side AJAX call :

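/**
 * Posts the service selected in #userServicesDropDownAuth to
 * /Actions/AuthenticateInstagramAPI and logs the JSON reply.
 *
 * jQuery adds an X-Requested-With header to same-origin requests. If the server replies
 * with a redirect to another origin, the browser follows it inside this XHR, and that
 * origin has to permit the request (including the header) through CORS. To send the user
 * to another site, navigate the page (form submit or window.location) instead of using XHR.
 */
function AuthInstagram() {
    var service = $('#userServicesDropDownAuth :selected').text();
    $.ajax({
        url: '/Actions/AuthenticateInstagramAPI',
        method: 'POST',
        data: service,
        dataType: 'json',
        success: function (data) {
            console.log(data);
        },
        error: function (error) {
            // Surface the failure instead of dropping it silently.
            console.error('AuthenticateInstagramAPI request failed', error);
        }
    });
}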

Roman Sterlin

2 Answers


In your Startup.cs, you put app.UseCors(MyAllowSpecificOrigins); between app.UseStaticFiles(); and app.UseAuthentication();

The documentation says: "Calls the UseCors extension method and specifies the _myAllowSpecificOrigins CORS policy. UseCors adds the CORS middleware. The call to UseCors must be placed after UseRouting, but before UseAuthorization. For more information, see Middleware order."

So you can change your code like this:

    // Documented order: routing first, then CORS, then authorization.
    app.UseRouting();

    app.UseCors(MyAllowSpecificOrigins);

    // If the app calls app.UseAuthentication(), it belongs here: after UseCors and
    // before UseAuthorization.

    app.UseAuthorization();
Yiyi You

Figured it out.

It turns out that if you send an AJAX GET request to a controller action and try to redirect from that action, it won't work. It could be that AJAX adds some headers, or maybe the AJAX call doesn't go through the middleware pipeline? No idea; if someone knows why, I would appreciate an explanation!

Roman Sterlin