
No 'Access-Control-Allow-Origin' header is present - asp.net core web api targeting .net framework 4.5.1


I have a server-side RESTful API that was created in C# targeting .NET Framework 4.5.1, and the CORS configuration I have does not appear to be working...

public void ConfigureServices(IServiceCollection services) {

        services.AddCors(options => {
            options.AddPolicy("AllowAll",
                    builder => {
                        builder.AllowAnyOrigin()
                               .AllowAnyMethod()
                               .AllowAnyHeader()
                               .AllowCredentials();
                    });
        });

        // Add framework services.
        services.AddMvc();
        services.AddOptions();
    }

public void Configure(IApplicationBuilder app, IHostingEnvironment env, 
ILoggerFactory loggerFactory) {
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        if (env.IsDevelopment()) {
            app.UseDeveloperExceptionPage();
        }

        var options = new JwtBearerOptions {
            Audience = "MyAudience",
            Authority = "MyAuthority"
        };

        app.UseJwtBearerAuthentication(options);
        app.UseCors("AllowAll");
        app.UseMvc();
    }

Each time I make a call to the below API in my controller

[Authorize]
[HttpGet]
public JsonResult Get() {
    // Json(...) returns a JsonResult synchronously, so the action is not declared as Task<JsonResult>.
    ICollection<string> abc;
    try {
        abc = new List<string>() { "A", "B", "C" };
    } catch (Exception) {
        abc = null;
    }
    return Json(abc);
}

I get the following error...

"XMLHttpRequest cannot load x Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'x' is therefore not allowed access. The response had HTTP status code 502."

The HTTP request from my client has an "Authorization" header in it, which is why a preflight response is triggered. It has a valid token etc., so it has nothing to do with this part.

In fact, if I create the exact same RESTful API targeting .NET Core 1.0, it works as expected. This leads me to believe there is either an issue with CORS and targeting .NET Framework 4.5.1, or there is now some explicit logic I have to add that is otherwise handled implicitly by .NET Core 1.0.

My understanding is that the CORS middleware should be handling all this. Does anyone know what the issue might be here?

EDIT:

I forgot to mention that this works fine running as localhost; I only see this issue after deploying. Also, I tested this targeting .NET Framework 4.6.2 and the issue remained.


Solution

  • This has been resolved.

    https://github.com/aspnet/Tooling/blob/master/known-issues-vs2017.md#aspnet-core-known-issues

    Different versions of Visual Studio 2017 were being used, and some projects\dependencies were targeting .NET Core 1.0 and others were targeting .NET Core 1.1, which caused different runtimes to be needed.

    Once we sync'd to the newest version of VS2017 (15.2.26430.13), targeted .NET Core 1.1 and installed the new runtime on the server, the issue went away.

    The CORS error above was actually a side effect of a 502 (Bad Request) error that I was missing in the callstack...
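
The point of the answer above, that a browser's "No 'Access-Control-Allow-Origin' header" message can hide a server failure rather than a CORS policy problem, can be checked by classifying the raw preflight response. This is an added example, not code from the original post; the function names, the origin `https://app.example.test` and the sample responses are constructed for illustration.

```python
# Constructed sample responses (not captured from any real server).
SAMPLE_502 = "HTTP/1.1 502 Bad Gateway\r\nContent-Type: text/html\r\n\r\n<html></html>"
SAMPLE_OK = ("HTTP/1.1 204 No Content\r\n"
             "Access-Control-Allow-Origin: https://app.example.test\r\n"
             "Access-Control-Allow-Credentials: true\r\n"
             "Access-Control-Allow-Headers: authorization\r\n\r\n")
SAMPLE_WILDCARD = SAMPLE_OK.replace("https://app.example.test", "*")


def parse_response(raw):
    """Return (status_code, headers) with header names lowercased."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    status = int(head[0].split()[1])  # "HTTP/1.1 502 Bad Gateway" -> 502
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def diagnose_preflight(raw, origin, wanted_header="authorization", credentials=True):
    """Say why a browser would reject this preflight response, or 'ok'."""
    status, h = parse_response(raw)
    acao = h.get("access-control-allow-origin")
    if status >= 500:
        # The request died in the host or proxy; the CORS middleware never ran.
        return "upstream-failure"
    if not 200 <= status < 300:
        return "non-2xx-preflight"
    if acao is None:
        return "no-cors-headers"
    if acao == "*" and credentials:
        return "wildcard-with-credentials"
    if acao not in ("*", origin):
        return "origin-mismatch"
    if credentials and h.get("access-control-allow-credentials") != "true":
        return "credentials-not-allowed"
    allowed = [x.strip().lower() for x in h.get("access-control-allow-headers", "").split(",")]
    # "*" is a wildcard only without credentials, and never covers Authorization.
    wildcard = "*" in allowed and not credentials and wanted_header != "authorization"
    if wanted_header not in allowed and not wildcard:
        return "header-not-allowed"
    return "ok"


if __name__ == "__main__":
    for name, raw in [("502", SAMPLE_502), ("ok", SAMPLE_OK), ("wildcard", SAMPLE_WILDCARD)]:
        print(name, "->", diagnose_preflight(raw, "https://app.example.test"))
```

An "upstream-failure" result means the server or hosting logs are the place to look before touching the CORS policy.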