abpframework / abp

Open Source Web Application Framework for ASP.NET Core. Offers an opinionated architecture to build enterprise software solutions with best practices on top of the .NET and the ASP.NET Core platforms. Provides the fundamental infrastructure, production-ready startup templates, application modules, UI themes, tooling, guides and documentation.
https://abp.io
GNU Lesser General Public License v3.0

Gateway CORS Policy #19668

Closed yusuffaslann closed 1 week ago

yusuffaslann commented 2 weeks ago

Is there an existing issue for this?

Description

When I try to start the project via IIS, I get a CORS policy error on the gateway. When I send a request using Swagger and Postman to the link where I get the CORS policy error, it works fine.

Reproduction Steps

No response

Expected behavior

No response

Actual behavior

No response

Regression?

No response

Known Workarounds

No response

Version

7.0.3

User Interface

Angular

Database Provider

EF Core (Default)

Tiered or separate authentication server

Separate Auth Server

Operation System

Windows (Default)

Other information

No response

maliming commented 2 weeks ago

Hi,

> When I try to start the project via IIS I get cors policy error on the gateway.

This is a CORS problem instead of ABP. You can check the links below:

https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-8.0
https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-8.0#cors-in-iis

yusuffaslann commented 1 week ago

Do I need to create a proxy configuration file for Angular?

maliming commented 1 week ago

I'm not sure. You can refer to the Microsoft documentation.

yusuffaslann commented 1 week ago

I found the solution.

In all services, the gateway and the auth server, the problem was solved when I configured the service methods to allow all CORS as follows.

--gateway-- old

```csharp
var builder = WebApplication.CreateBuilder(args);

builder.Services.AddReverseProxy()
    .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"));

var app = builder.Build();
app.MapReverseProxy();
app.Run();
```

new

```csharp
var builder = WebApplication.CreateBuilder(args);

builder.Services.AddReverseProxy()
    .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"));

// Register a named CORS policy for the gateway.
builder.Services.AddCors(options =>
{
    options.AddPolicy("OpenCorsPolicy", builder => builder
        .AllowAnyOrigin()
        .AllowAnyMethod()
        .AllowAnyHeader()
        .SetIsOriginAllowed(origin => true)
        .WithHeaders("x-requested-with", "Content-Type", "Authorization"));
});

var app = builder.Build();

// Apply the policy before the reverse proxy endpoints are mapped.
app.UseCors("OpenCorsPolicy");
app.MapReverseProxy();
app.Run();
```

--auth old

```csharp
// Default policy: origins come from the App:CorsOrigins configuration value.
context.Services.AddCors(options =>
{
    options.AddDefaultPolicy(builder =>
    {
        builder
            .WithOrigins(
                configuration["App:CorsOrigins"]
                    .Split(",", StringSplitOptions.RemoveEmptyEntries)
                    .Select(o => o.RemovePostFix("/"))
                    .ToArray()
            )
            .WithAbpExposedHeaders()
            .SetIsOriginAllowedToAllowWildcardSubdomains()
            .AllowAnyHeader()
            .AllowAnyMethod()
            .AllowCredentials();
    });
});
```

```csharp
public override void OnApplicationInitialization(ApplicationInitializationContext context)
{
    IdentityModelEventSource.ShowPII = true;
    var app = context.GetApplicationBuilder();
    var env = context.GetEnvironment();

    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseAbpRequestLocalization();

    if (!env.IsDevelopment())
    {
        app.UseErrorPage();
    }

    app.UseCorrelationId();
    app.UseStaticFiles();
    app.UseRouting();
    app.UseCors(); // uses the default policy
    app.UseAuthentication();
    app.UseAbpOpenIddictValidation();
    // ......
}
```

new

```csharp
public override void ConfigureServices(ServiceConfigurationContext context)
{
    // Register a named CORS policy for the auth server.
    context.Services.AddCors(options =>
    {
        options.AddPolicy("OpenCorsPolicy", builder => builder
            .AllowAnyOrigin()
            .AllowAnyMethod()
            .AllowAnyHeader()
            .WithAbpExposedHeaders()
            .SetIsOriginAllowed(origin => true)
            .WithHeaders("x-requested-with", "Content-Type", "Authorization"));
    });
}
```

```csharp
public override void OnApplicationInitialization(ApplicationInitializationContext context)
{
    IdentityModelEventSource.ShowPII = true;
    var app = context.GetApplicationBuilder();
    var env = context.GetEnvironment();

    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseAbpRequestLocalization();

    if (!env.IsDevelopment())
    {
        app.UseErrorPage();
    }

    app.UseCorrelationId();
    app.UseStaticFiles();
    app.UseRouting();
    app.UseCors("OpenCorsPolicy"); // uses the named policy
    app.UseAuthentication();
    app.UseAbpOpenIddictValidation();
    // .....
}
```
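An added example, not part of the thread or of the ABP project's code: the gateway from the comment above with an explicit origin allowlist in place of the allow-all policy, using only standard ASP.NET Core CORS calls. It assumes the gateway's configuration carries the same comma-separated `App:CorsOrigins` value that the auth server code reads, and `GatewayCorsPolicy` is a hypothetical policy name.

```csharp
// Added example: gateway Program.cs with an origin allowlist.
// Assumptions: "App:CorsOrigins" exists in the gateway's configuration as a
// comma-separated list; "GatewayCorsPolicy" is a hypothetical policy name.
using System;
using System.Linq;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddReverseProxy()
    .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy"));

// Browsers send Origin as scheme://host[:port] with no trailing slash, and an
// entry that ends in "/" never matches, so normalize the configured values.
var allowedOrigins = (builder.Configuration["App:CorsOrigins"] ?? string.Empty)
    .Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)
    .Select(o => o.TrimEnd('/'))
    .ToArray();

if (allowedOrigins.Length == 0)
{
    // Fail at startup instead of running with a policy that matches nothing.
    throw new InvalidOperationException(
        "App:CorsOrigins is empty; list the front-end origin(s) explicitly.");
}

builder.Services.AddCors(options =>
{
    options.AddPolicy("GatewayCorsPolicy", policy => policy
        .WithOrigins(allowedOrigins) // only the listed front-end origins
        .WithHeaders("x-requested-with", "Content-Type", "Authorization")
        .AllowAnyMethod());
});

var app = builder.Build();

// The CORS middleware runs before the proxied endpoints, so preflight
// (OPTIONS) requests are answered by the gateway itself.
app.UseCors("GatewayCorsPolicy");
app.MapReverseProxy();
app.Run();
```

If the front end sends cookies rather than a bearer token, `AllowCredentials()` can be added to this policy; ASP.NET Core refuses to build a policy that combines it with `AllowAnyOrigin()`, but accepts it with an explicit origin list.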