Giters

fullstackhero / dotnet-starter-kit

Production Grade Cloud-Ready .NET 8 Starter Kit (Web API + Blazor Client) with Multitenancy Support, and Clean/Modular Architecture that saves roughly 200+ Development Hours! All Batteries Included.

Home Page:https://fullstackhero.net/dotnet-webapi-boilerplate/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[BUG] CORS origin error while on subdomain

acepm-ams opened this issue · comments

commented

Dear Team,

I am reaching out to address an ongoing concern related to CORS (Cross-Origin Resource Sharing) that we have been encountering since the migration to .Net 7.0.

To provide some context, I have been utilizing the .Net 6 architecture successfully before the upgrade to .Net 7.0. Initially, during the development phase, the application worked seamlessly in our local environment with distinct port numbers. However, over the past week, we have been consistently experiencing CORS errors, with issues ranging from occasional update method failures to the complete cessation of the site's functionality.

In an effort to resolve these CORS challenges, I explored various solutions, but none have proven successful thus far. As part of our deployment strategy, we attempted to set up environments using subdomains (e.g., xyz.com as the main domain, api.xyz.com for the hosted API, and app.xyz.com for the hosted Web/Angular application). Regrettably, this configuration resulted in the same CORS errors.

I also experimented with an alternative approach, using paths instead of subdomains (e.g., xyz.com as the main domain, xyz.com/api/ for the hosted API, and xyz.com/app/ for the hosted Web/Angular application). Surprisingly, this method worked without encountering CORS issues.

Why subdomain * distinct approach failed to work?

Solutions Attempted:

Ensured the "cors.json" file within the configuration folder was appropriately configured.
Modified the CORS policy in the startup.cs file, trying various combinations:

Original Code:

return services.AddCors(opt =>
            opt.AddPolicy(CorsPolicy, policy =>
                policy.AllowAnyHeader()
                    .AllowAnyMethod()
                    .AllowCredentials()
                    .WithOrigins(origins.ToArray())));

Alternative Solutions:
1.

return services.AddCors(opt =>
            opt.AddPolicy(CorsPolicy, policy =>
                policy.AllowAnyHeader()
                    .AllowAnyMethod()
                    .AllowCredentials()
                    .AllowAnyOrigin()));
return services.AddCors(opt =>
            opt.AddPolicy(CorsPolicy, policy =>
                policy.AllowAnyHeader()
                    .AllowAnyMethod()
                    .AllowAnyOrigin()));

I added * also in cors.json file but still we are getting CORS policy error.

Despite these efforts, the CORS policy errors persist. I have attached an image illustrating the encountered error for your reference.
image

Your insights and assistance in resolving this matter would be greatly appreciated, as we are approaching the project's go-live date.

Thank you for your attention and collaboration.

Best regards,