Setting up CORS - browser shows "No 'Access-Control-Allow-Origin' header is present" but it is present
In my ASP.NET Core App I have the following:
builder.Services.AddCors(options =>
{
options.AddDefaultPolicy(policy =>
{
policy.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
});
});
var app = builder.Build();
app.UseCors();
Now my frontend app is sending a POST request to a different domain and a browser initiates an OPTIONS preflight request (all expected). In the network tab I see an options successful OPTIONS request with all the expected headers:
Access-Control-Allow-Headers: <...>Access-Control-Allow- Methods: <...>Access-Control-Allow-Origin: *
But the browser is blocking an actual POST request with the error:
Access to fetch at 'https://<...>' from origin 'https://<...>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I might be going mad, but how is this possible? I promise 200 bounty to someone who helps me solve the issue
The error message says the header is missing from the requested resource.
The screenshot you are showing is the response to the preflight.
The header needs to be on both the preflight response and the resource response.
- Blazor: The type or namespace name 'ApplicationPartAttributeAttribute' does not exist in the namespace 'Microsoft.AspNetCore.Mvc.ApplicationParts'
- How can I validate multiple action parameters with ValidationAttribute in ASP.NET Core 3.0
- MVC ASP.NET Core Show detailed error for staging environment
- Microsoft.AspNetCore.OpenAPI generates document with schema $refs to previous properties of same type instead of the base schema itself
- EF Core CRUD Scaffold, show primary key in view?
- Cannot resolve scoped service from root provider .Net Core 2
- Azure SignalR - Client connection fails with 401-Unauthorized 'invalid_token. The signature key was not found'
- How to hide the Links column in the Swagger UI Responses section
- Blazor InputText: conditionally rendering an attribute
- The SSL connection could not be established, see inner exception. Docker problem
- Check if a string is half width or full width in C#
- Unable to invoke javascript function from blazor component
- Cannot remove DBContext from DI
- Send HTTP_1_1_REQUIRED from ASP.NET Core controller
- How to disable the component hierarchy in Blazor?
- IdentityServer4 in IIS being recycled due to app_offline.htm when using discovery endpoint sometimes
- Interact with the Virtualize component
- Cannot resolve scoped service 'xx.IEnumerable`1[xx.IDbContextOptionsConfiguration`1[xx.ExampleDbContext]]...' after upgrading from .NET 8 to .NET 9
- How i can add endpoint (or сatch a request and check its path) to BCL?
- How does the "Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" package resolves types which are in "Microsoft.AspNetCore.dll"?
- Customize output Serilog
- Unhandled exception. System.InvalidOperationException
- Is it possible to use ASP.NET Core within an F# fsx script?
- How to send data with the size more than Signalr message size limit in Blazor?
- IDX12723: Unable to decode the payload '[PII of type 'System.String' is hidden
- UpdateRange method of Entity Framework Core does not work
- How to enable CORS in ASP.net Core WebAPI
- Why does my CORS configuration still block datatables from consuming an API?
- .NET return JSON without reformating
- .NET 8 & SQL Server 2016 - Contains() throws error