Using the Web API server we developed in
Part I, , and the Angular client we developed in
Part II, we can make the tests below:
Define the policy in Configure Method: Working
- public void ConfigureServices(IServiceCollection services)
- {
-
- services.AddCors();
-
- ......
- }
-
- public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
- {
- ......
-
-
- app.UseCors(builder =>
- {
- builder
- .AllowAnyOrigin()
- .AllowAnyMethod()
- .AllowAnyHeader();
- });
-
- ......
- }
Default Policy in ConfigureService Method: Working
- public void ConfigureServices(IServiceCollection services)
- {
-
- services.AddCors(options =>
- {
- options.AddDefaultPolicy(
- builder =>
- {
- builder.WithOrigins("https://localhost:44351", "http://localhost:4200")
- .AllowAnyHeader()
- .AllowAnyMethod();
- });
- });
-
- ......
- }
-
- public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
- {
- ......
-
- app.UseCors();
- ......
- }
Named Policy in ConfigureService Method: Working
- public void ConfigureServices(IServiceCollection services)
- {
-
- services.AddCors(options =>
- {
- options.AddPolicy(name: "AllowOrigin",
- builder =>
- {
- builder.WithOrigins("https://localhost:44351", "http://localhost:4200")
- .AllowAnyHeader()
- .AllowAnyMethod();
- });
- });
-
-
- ......
- }
-
- public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
- {
- ......
-
- app.UseCors();
- ......
- }
- [EnableCors("AllowOrigin")]
-
- [HttpGet]
- public async Task<ActionResult<IEnumerable<Store>>> GetStores()
- {
- return await _context.Stores.ToListAsync();
- }
Combined Definitions of Policies: Working
- public void ConfigureServices(IServiceCollection services)
- {
-
-
- services.AddCors(options =>
- {
- options.AddDefaultPolicy(
- builder =>
- {
- builder.WithOrigins("https://localhost:44351", "http://localhost:4200")
- .AllowAnyHeader()
- .AllowAnyMethod();
- });
- });
-
-
- services.AddCors(options =>
- {
- options.AddPolicy(name: "AllowOrigin",
- builder =>
- {
- builder.WithOrigins("https://localhost:44351", "http://localhost:4200")
- .AllowAnyHeader()
- .AllowAnyMethod();
- });
- });
- ......
- }
-
- public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
- {
- ......
-
- app.UseCors();
-
-
- app.UseCors("AllowOrigin");
-
-
- app.UseCors(builder =>
- {
- builder
- .AllowAnyOrigin()
- .AllowAnyMethod()
- .AllowAnyHeader();
- });
-
- ......
- }
Without definition of a policy: Not Working
- public void ConfigureServices(IServiceCollection services)
- {
- services.AddCors();
- ......
- }
-
- public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
- {
- ......
-
- app.UseCors();
-
- ......
- }
Note
Here, we use angular client developed in
Part II to do our tests, but not the MVC client we devbeloped in
Part I. Actually, by my test, the MVC Client is automatically to have access to Web API different origin source, that we only need to enable CORS from Config method like below:
For .NET Core MVC Client, it is
working - policy: Not Working
-
- public void ConfigureServices(IServiceCollection services)
- {
-
- ......
- }
-
- public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
- {
- ......
-
- app.UseCors();
-
- ......
- }
I do not know the reason, and I cannot get any explanation from online. Anyone has knowledge about that, I will appreciate your input.
Summary
As a conclusion of this CORS article-series (with
Part I,
Part II), we discuss the methods to enable CORS in .NET Core Web API for different situations.