Closed nallu026 closed 2 years ago
@nallu026 Is your app hosted behind a proxy with CORS configurations? Can you provide some network traffic for the endpoints that you believe aren't working? Do you have a separate front-end app (SPA) from your backend?
Hi @nallu026. We have added the "Needs: Author Feedback" label to this issue, which indicates that we have an open question for you before we can take further action. This issue will be closed automatically in 7 days if we do not hear back from you by then - please feel free to re-open it if you come back to this issue after that time.
CORS doesn't restrict anything -- it relaxes the browser same-origin policy.
This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. If it is closed, feel free to comment when you are able to provide the additional information and we will re-investigate.
See our Issue Management Policies for more information.
Is there an existing issue for this?
Describe the bug
Hi There, I have created an ASP.NET Core 6.0 Web API and trying to set cors policy. I have applied policy only to allow few origins, but it is not working as expected instead it allows for all the sites which consumes this API. Can you please help me what I am missing? Here is my program.cs file.
var builder = WebApplication.CreateBuilder(args);
// Add services to the container. builder.Services.AddCors(options => { options.AddPolicy("myPolicy", policy => { policy.WithOrigins("http://example.com").AllowAnyHeader().AllowAnyMethod(); }); });
builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle builder.Services.AddEndpointsApiExplorer(); builder.Services.AddSwaggerGen(); builder.Services.AddDbContext(options =>
options.UseSqlServer(builder.Configuration.GetConnectionString("defaultConnection")));
//builder.Services.AddCors(); var app = builder.Build();
// Configure the HTTP request pipeline. if (app.Environment.IsDevelopment()) { app.UseSwagger(); app.UseSwaggerUI(); }
app.UseHttpsRedirection(); app.UseRouting(); app.UseCors("myPolicy"); app.UseAuthorization();
app.MapControllers();
app.Run();
Expected Behavior
I was expected to allow access to the endpoints only for the requests from example.com, but it allows for all other sites too. You help is much appreciated.
Steps To Reproduce
No response
Exceptions (if any)
No response
.NET Version
No response
Anything else?
No response