Closed yusuffaslann closed 1 week ago
hi
When I try to start the project via IIS I get cors policy error on the gateway.
This is a CROS problem instead of ABP. You can check below links:
https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-8.0 https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-8.0#cors-in-iis
Do I need to create a proxy configuration file for Angular?
I'm not sure, You can refer to the Microsoft document.
I found the solution,
In all services, gateway and auth server the problem was solved when I configured the service methods to allow all cors as follows.
--gateway-- old
var builder = WebApplication.CreateBuilder(args); builder.Services.AddReverseProxy() .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy")); var app = builder.Build(); app.MapReverseProxy(); app.Run();
new
var builder = WebApplication.CreateBuilder(args); builder.Services.AddReverseProxy() .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy")); builder.Services.AddCors(options => { options.AddPolicy("OpenCorsPolicy", builder => builder .AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader() .SetIsOriginAllowed(origin => true) .WithHeaders("x-requested-with", "Content-Type", "Authorization")); }); var app = builder.Build(); app.UseCors("OpenCorsPolicy"); app.MapReverseProxy(); app.Run();
--auth
old
context.Services.AddCors(options => { options.AddDefaultPolicy(builder => { builder .WithOrigins( configuration["App:CorsOrigins"] .Split(",", StringSplitOptions.RemoveEmptyEntries) .Select(o => o.RemovePostFix("/")) .ToArray() ) .WithAbpExposedHeaders() .SetIsOriginAllowedToAllowWildcardSubdomains() .AllowAnyHeader() .AllowAnyMethod() .AllowCredentials(); }); });
public override void OnApplicationInitialization(ApplicationInitializationContext context) { IdentityModelEventSource.ShowPII = true; var app = context.GetApplicationBuilder(); var env = context.GetEnvironment(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseAbpRequestLocalization(); if (!env.IsDevelopment()) { app.UseErrorPage(); } app.UseCorrelationId(); app.UseStaticFiles(); app.UseRouting(); app.UseCors(); app.UseAuthentication(); app.UseAbpOpenIddictValidation(); ...... }
new
public override void ConfigureServices(ServiceConfigurationContext context) { context.Services.AddCors(options => { options.AddPolicy("OpenCorsPolicy", builder => builder .AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader() .WithAbpExposedHeaders() .SetIsOriginAllowed(origin => true) .WithHeaders("x-requested-with", "Content-Type", "Authorization")); }); }
public override void OnApplicationInitialization(ApplicationInitializationContext context) { IdentityModelEventSource.ShowPII = true; var app = context.GetApplicationBuilder(); var env = context.GetEnvironment(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseAbpRequestLocalization(); if (!env.IsDevelopment()) { app.UseErrorPage(); } app.UseCorrelationId(); app.UseStaticFiles(); app.UseRouting(); app.UseCors("OpenCorsPolicy"); app.UseAuthentication(); app.UseAbpOpenIddictValidation(); ..... }
Is there an existing issue for this?
Description
When I try to start the project via IIS I get cors policy error on the gateway.When I send a request using Swagger and Postman to the link where I get the Cors policy, it works fine.
Reproduction Steps
No response
Expected behavior
No response
Actual behavior
No response
Regression?
No response
Known Workarounds
No response
Version
7.0.3
User Interface
Angular
Database Provider
EF Core (Default)
Tiered or separate authentication server
Separate Auth Server
Operation System
Windows (Default)
Other information
No response