Categories

Account Information
16
Billing
9
DNN (DotNetNuke) (Legacy)
7
General Hosting
17
Managed WordPress (Legacy)
14
Plesk (ASP.NET Hosting Plans)
134
Plesk (Linux Hosting Plans) (Legacy)
10
Sales
9
SmarterMail
17

  Categories

  Tag Cloud

.net 8.0 .net 8.0 core .net core .net core 6 to .net 7 .net core 7 .net core 7.0 .net core 8 .net core 8.0 .net core 9 .net core 9.0 403 403 error 404 error 5.7 5.8 503 503 service unavailable access denied add modify dns addon Angular Calls app pool app slow application failed to load application pool asp.net core 8 asp.net versions asp.net viewstate authorization token awstats billing billing hours blazor cancel contract cancel hosting plan cancellation change dns change nameservers content filtering copy database cost increase costs create email address create sql database customer support deploy deploy blazor deploy core differences between .net 7.0 and net 8.0 dkim dnn dnn install dnn migration dnn upgrade dns dns servers dns settings domain domain alias domain name domain name transfer domain not resolvable domain not working domain parking domain pointer dot net core 7.0 dotnetcore dotnetcore 9.0 dotnetcore8 dotnetnuke email email addon email mass emailing bulk email email option email script email user error errors forbidden increase Let's Encrypt certificate installation fails mac failed machineKey mail from script mail option mail script mailkit MailKit.Net.Smtp managed wordpress hosting Memory migrate sql database mimekit nameservers new accounts order hosting plan password protection points price price increase prices private bytes memory limit publish publishing ram react react.js recycle recycle pool resolvable REST API restart pool restore backup sql database running slowly scp secure website setup email signalr slow smartermail smartermail addon smartermail option smartermail price smtp sql 2019 sql remote database manage sql server management studio ssl ssl certificate SSL Provider ssms stop start pool sub domain sub-domain subdomain subdomain dns support support credit points support credits support hours support points Swagger Calls system.net system.net.mail The certificate chain was issued by an authority that is not tru TrustServerCertificate=True unhandled exception update dns upgrade dnn upgrade dotnetnuke validation Verb Requests visual studio 2022 visual studio remote sql management waf web application firewall web deploy xml website slow webstats wordpress 5.9 wordpress hardening wordpress version

  Support

My Support Tickets
Announcements
Knowledgebase
Downloads
Network Status
Open Ticket

  Control Panel Links

WIN 2022 Plesk Control Panel
WIN 2019 Plesk Control Panel
Linux Plesk Control Panel

Configuring CORS in ASP.NET Core Applications Print

  • 0

What is CORS?

Cross-Origin Resource Sharing (CORS) allows your API to accept requests from different domains. Without proper CORS configuration, browsers block requests from other origins.

Common CORS Error

Access to XMLHttpRequest at 'https://api.example.com' from origin 'https://webapp.example.com'
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present.

Basic CORS Configuration (.NET 6+)

var builder = WebApplication.CreateBuilder(args);

// Add CORS services
builder.Services.AddCors(options =>
{
    options.AddDefaultPolicy(policy =>
    {
        policy.WithOrigins("https://yourfrontend.com")
              .AllowAnyHeader()
              .AllowAnyMethod();
    });
});

builder.Services.AddControllers();

var app = builder.Build();

// Enable CORS - MUST be before UseAuthorization
app.UseCors();
app.UseAuthorization();
app.MapControllers();
app.Run();

Allow Multiple Origins

policy.WithOrigins(
    "https://app1.example.com",
    "https://app2.example.com",
    "https://localhost:3000"  // For development
);

Allow All Origins (Development Only)

policy.AllowAnyOrigin()
      .AllowAnyHeader()
      .AllowAnyMethod();

Warning: Never use AllowAnyOrigin in production!

Named Policies

builder.Services.AddCors(options =>
{
    options.AddPolicy("ApiPolicy", policy =>
    {
        policy.WithOrigins("https://myapp.com")
              .AllowAnyHeader()
              .AllowAnyMethod()
              .AllowCredentials();
    });
});

// Apply to specific controller
[EnableCors("ApiPolicy")]
[ApiController]
public class DataController : ControllerBase { }

Allow Credentials

For cookies or authentication headers:

policy.WithOrigins("https://myapp.com")
      .AllowAnyHeader()
      .AllowAnyMethod()
      .AllowCredentials();  // Cannot use with AllowAnyOrigin

CORS with Blazor WebAssembly

When your Blazor WASM app calls an API on a different domain:

  • Configure CORS on the API server (not the Blazor app)
  • Include the Blazor app origin in allowed origins

Troubleshooting

  • Order matters: UseCors() must come before UseAuthorization()
  • Check preflight: Browser sends OPTIONS request first
  • Credentials + AnyOrigin: Not allowed together
  • HTTPS required: Credentials require secure connection

Was this answer helpful?

Related Articles

Error when accessing a WCF service: "This collection already contains an address with scheme http. There can be at most one address per scheme in this collection." For ASP.NET 4.X, add the following lines to your web.config: <system.serviceModel>... HTTP Error 500.35 - ANCM Multiple In-Process Applications in same Process You receive the error message HTTP Error 500.35 - ANCM Multiple In-Process Applications in same... You receive the following message in your browser after deploying an ASP.NET Core or Blazor App. An error occurred while processing your request. Request ID: 00-e8eba18f7bd7cc953b3d83c95e46ce1a-51dab3fefddb8ae8-00 Development Mode It further states: Swapping to the Development environment displays detailed information about... You receive an HTTP 404 ERROR with an ASP.NET Core API or Website Troubleshooting HTTP 404 Errors in ASP.NET Core Updated: This article covers both the modern... How to troubleshoot "HTTP Error 502.5 - Process Failure" with .NET Core Common causes of this issue: The application process failed to startThe application process...
« Back

  Tag Cloud

.net 8.0 .net 8.0 core .net core .net core 6 to .net 7 .net core 7 .net core 7.0 .net core 8 .net core 8.0 .net core 9 .net core 9.0 403 403 error 404 error 5.7 5.8 503 503 service unavailable access denied add modify dns addon Angular Calls app pool app slow application failed to load application pool asp.net core 8 asp.net versions asp.net viewstate authorization token awstats billing billing hours blazor cancel contract cancel hosting plan cancellation change dns change nameservers content filtering copy database cost increase costs create email address create sql database customer support deploy deploy blazor deploy core differences between .net 7.0 and net 8.0 dkim dnn dnn install dnn migration dnn upgrade dns dns servers dns settings domain domain alias domain name domain name transfer domain not resolvable domain not working domain parking domain pointer dot net core 7.0 dotnetcore dotnetcore 9.0 dotnetcore8 dotnetnuke email email addon email mass emailing bulk email email option email script email user error errors forbidden increase Let's Encrypt certificate installation fails mac failed machineKey mail from script mail option mail script mailkit MailKit.Net.Smtp managed wordpress hosting Memory migrate sql database mimekit nameservers new accounts order hosting plan password protection points price price increase prices private bytes memory limit publish publishing ram react react.js recycle recycle pool resolvable REST API restart pool restore backup sql database running slowly scp secure website setup email signalr slow smartermail smartermail addon smartermail option smartermail price smtp sql 2019 sql remote database manage sql server management studio ssl ssl certificate SSL Provider ssms stop start pool sub domain sub-domain subdomain subdomain dns support support credit points support credits support hours support points Swagger Calls system.net system.net.mail The certificate chain was issued by an authority that is not tru TrustServerCertificate=True unhandled exception update dns upgrade dnn upgrade dotnetnuke validation Verb Requests visual studio 2022 visual studio remote sql management waf web application firewall web deploy xml website slow webstats wordpress 5.9 wordpress hardening wordpress version

  Support

My Support Tickets
Announcements
Knowledgebase
Downloads
Network Status
Open Ticket

  Control Panel Links

WIN 2022 Plesk Control Panel
WIN 2019 Plesk Control Panel
Linux Plesk Control Panel