My website is experiencing CORS error in subpages when using safari only. Meaning, On the homepage, there's no CORS error, and the api returns 200 with correct json data on all browsers including safari. But when it comes to https://example.com/blog all other browsers work, except for safari which displays a CORS error.
My website frontend is at https://example.com, while my api is at https://api.example.com/api
I have tried adding the trailing slashes as suggested in an answer to this question here: CORS request not working in Safari
The api is coded using asp dotnet core, and hosted on Debian 10 using nginx reverse proxy which I assume is passing the correct headers (knowing that it's working fine in the homepage). Here's my code adding CORS support:
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("AllowAll",
builder =>
{
builder.WithOrigins(Configuration.GetSection("Origins"))
.SetIsOriginAllowed(x=>_ = true)
.AllowCredentials()
.AllowAnyMethod()
.AllowAnyHeader()
.SetPreflightMaxAge(TimeSpan.FromMinutes(60)); //one hour preflight is ok
});
});
//rest of the code
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseForwardedHeaders();
app.UseHttpsRedirection();
app.UseResponseCompression();
app.UseRouting();
app.UseCors("AllowAll");
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers().RequireCors("AllowAll");
});
}
