Quickest Way to Enable CORS for ASP.NET Core Web API application
- By : Mydatahack
- Category : .NET, Web Technologies
- Tags: ASP.NET, CORS, Web API
Browser security does not allow other domain to make AJAX requests.This is called same-origin policy which prevents malicious attack from other sites. When you need to allow other sites to make cross-origin requests, we can enable Cross-origin resource sharing (CORS).
There is a pretty good documentation about enabling CORS for a dotnet core application here.
In terms of Web API application, the quickest way is to add UserCors in Configure method in startup.cs file as below.
Obviously, the above solution should not be used in production. It is supposed to be a quick test in development environment to make your AJAX requests from another domain work.
In reality, we should have specific origins configured alongside with allowed method or headers. Below is the example of allowing cross-origin requests from the specific domain.
Check out a full ASP.NET API example here.