'Access-Control-Allow-Origin' in ASP.NET Core 6

Question

Tested in Postman and works fine. In Browser I get this Error:

Access to XMLHttpRequest at 'http://localhost:5081/api/Accounting/GetSales' from origin 'https://localhost:44426' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Asp Net Core Project with Angular and .Net6

[DisableCors]
[HttpGet("GetSales")]
        public IEnumerable<SaleDto> GetSales()
        {
            var result = _context.Sales.Select(x => new SaleDto
            {
                AccountName = x.Account.Name,
                CategoryName = x.Category.CategoryName,
                SaleDate = x.SaleDate,
                SaleId = x.SaleId,
                SaleValue = x.SaleValue,
            });
            return result;
        }

you have to expose the cors on the server. `DisableCors` defeats that — Daniel A. White, Jan 04 '22 at 21:41
Postman does not care about CORS. The browser does. You explicitely disabled CORS for that call, so why do you wonder it doesn't work? — derpirscher, Jan 04 '22 at 21:42
So, have you configured CORS? https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-6.0 — derpirscher, Jan 04 '22 at 21:48

Eric Rohlfs · Accepted Answer · 2022-01-04T21:52:33.877

Do you have the proper entries when you register the middleware? https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-6.0

You will need to add localhost and the port numbers. I believe the port numbers are currently causing the issue right now. If both sites were on the same port number you might not get this issue. Also, see the answers for CORS error on same domain. CORS error on same domain?

Also, you want to enable CORS not disable it. CORS relaxes the security measures so your code can reach across ports.

'Access-Control-Allow-Origin' in ASP.NET Core 6

1 Answers1