Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] CORS origin error while on subdomain #903

Open
acepm-ams opened this issue Nov 28, 2023 · 1 comment
Open

[BUG] CORS origin error while on subdomain #903

acepm-ams opened this issue Nov 28, 2023 · 1 comment

Comments

@acepm-ams
Copy link

Dear Team,

I am reaching out to address an ongoing concern related to CORS (Cross-Origin Resource Sharing) that we have been encountering since the migration to .Net 7.0.

To provide some context, I have been utilizing the .Net 6 architecture successfully before the upgrade to .Net 7.0. Initially, during the development phase, the application worked seamlessly in our local environment with distinct port numbers. However, over the past week, we have been consistently experiencing CORS errors, with issues ranging from occasional update method failures to the complete cessation of the site's functionality.

In an effort to resolve these CORS challenges, I explored various solutions, but none have proven successful thus far. As part of our deployment strategy, we attempted to set up environments using subdomains (e.g., xyz.com as the main domain, api.xyz.com for the hosted API, and app.xyz.com for the hosted Web/Angular application). Regrettably, this configuration resulted in the same CORS errors.

I also experimented with an alternative approach, using paths instead of subdomains (e.g., xyz.com as the main domain, xyz.com/api/ for the hosted API, and xyz.com/app/ for the hosted Web/Angular application). Surprisingly, this method worked without encountering CORS issues.

Why subdomain * distinct approach failed to work?

Solutions Attempted:

Ensured the "cors.json" file within the configuration folder was appropriately configured.
Modified the CORS policy in the startup.cs file, trying various combinations:

Original Code:

return services.AddCors(opt =>
            opt.AddPolicy(CorsPolicy, policy =>
                policy.AllowAnyHeader()
                    .AllowAnyMethod()
                    .AllowCredentials()
                    .WithOrigins(origins.ToArray())));

Alternative Solutions:
1.

return services.AddCors(opt =>
            opt.AddPolicy(CorsPolicy, policy =>
                policy.AllowAnyHeader()
                    .AllowAnyMethod()
                    .AllowCredentials()
                    .AllowAnyOrigin()));
return services.AddCors(opt =>
            opt.AddPolicy(CorsPolicy, policy =>
                policy.AllowAnyHeader()
                    .AllowAnyMethod()
                    .AllowAnyOrigin()));

I added * also in cors.json file but still we are getting CORS policy error.

Despite these efforts, the CORS policy errors persist. I have attached an image illustrating the encountered error for your reference.
image

Your insights and assistance in resolving this matter would be greatly appreciated, as we are approaching the project's go-live date.

Thank you for your attention and collaboration.

Best regards,

@Hadi69ans
Copy link

I temporarily disabled the cors service to solve this problem.
Is there a requirement with this restriction on the program?
image
Did you find a reliable way to solve this problem?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants