CORS Issue in not allowing main domain in ASP.NET CORE

Question

I am using the below code in ASP.NET Core

         services.AddCors(policy => policy.AddPolicy(Constant.CorsPolicy, builder =>
        {
            var allowedDomain = configuration.GetValue<string>("AllowedDomains").Split(",");

            services.AddCors(policy => policy.AddPolicy(Constant.CorsPolicy, builder =>
            {
                builder.WithOrigins(allowedDomain)
                       .SetIsOriginAllowedToAllowWildcardSubdomains()
                       .AllowAnyMethod()
                       .AllowAnyHeader();

            }));
        }));

to allow all subdomain and main domain, what this code does that it allow all subdomain, but it does not allow the main domain, I am reading values from configurations.

"AllowedDomains": "https://.test.dk, http://.test.dk, http://test.dk"

The following api is not allowed when its hit:

https://api.test.dk/api/v1/Product/Search

Are you doing `app.UseCors()` on your `Configure()` method at Startup? — Pablo Recalde, Aug 17 '20 at 08:24
Also your allowed domains configuration must have the wildcard syntax like "https://*.test.dk" — Pablo Recalde, Aug 17 '20 at 08:27
Does this answer your question? [Configure cors to allow all subdomains using ASP.NET Core (Asp.net 5, MVC6, VNext)](https://stackoverflow.com/questions/36877652/configure-cors-to-allow-all-subdomains-using-asp-net-core-asp-net-5-mvc6-vnex) — Pablo Recalde, Aug 17 '20 at 08:28
Also on a side note, CORS allows your Webpage sitting on domain A to make a request to an API sitting on domain B, when you say "the following api is not allowed" something makes me think you're trying API to API communication where CORS should not be an issue. — Pablo Recalde, Aug 17 '20 at 08:35
@PabloRecalde in configuration its saved like this https://*.test.dk, http://*.test.dk, http://.test.dk — Aamir Naeem, Aug 17 '20 at 09:00
**First**, you should follow steps of [Enable Cross-Origin Requests (CORS) in ASP.NET Core](https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-3.1) . **Then**, [Test Cors](https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-3.1#test-cors). When it works with a domain you set, then consider the subdomain setting. — Michael Wang, Aug 24 '20 at 08:58

score 0 · Answer 1 · answered Aug 18 '20 at 03:39

0

Try to simplify the CORS and write like this:

Within your ConfigureServices method

 public void ConfigureServices(IServiceCollection services)
 {
        services.AddCors();
 }

And within your Configure method

 public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 {

        app.UseCors(options =>
       options.WithOrigins("http://localhost:3000")
       .AllowAnyHeader()
       .AllowAnyMethod());
 }

answered Aug 18 '20 at 03:39

Rohan Rao

2,505
3
19
39

"AllowedWildDomains": "https://*.test.dk" "AllowedDomains": "http://test.dk" options.AddPolicy(Constant.CorsWildPolicy,builder => { builder.WithOrigins(allowedWildDomain) .SetIsOriginAllowedToAllowWildcardSubdomains().AllowAnyMethod() .AllowAnyHeader(); }); options.AddPolicy(Constant.CorsPolicy,builder => { builder.WithOrigins(allowedDomain) .AllowAnyMethod() .AllowAnyHeader(); }); I have added two separate policies one for wildCard and other for domains. @noobprogrammer – Aamir Naeem Aug 18 '20 at 12:25
@nooprogrammer I have added two policies app.UseCors(Constant.CorsPolicy); app.UseCors(Constant.CorsWildPolicy); – Aamir Naeem Aug 18 '20 at 12:32
My question is that How can i check if the front end application can correctly hit to my API? – Aamir Naeem Aug 18 '20 at 12:32

CORS Issue in not allowing main domain in ASP.NET CORE

1 Answers1