Hello, I get this error on Asp Net 5 WebApi:
Access to XMLHttpRequest at 'http://localhost:5000/Api/curvapeso/upload/azienda/716' from origin 'https://localhost:44344' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
And the endpoint (Upload() action below) isn't reached.
This is my CORS configuration:
services.AddCors(options => { options.AddPolicy("CorsPolicy", builder => { builder.AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader(); if (string.IsNullOrEmpty(origin)) { builder.AllowAnyOrigin(); } else { builder.WithOrigins(origin); } }); });...app.UseCors("CorsPolicy");
This is my upload endpoint, and Options handler (see in this post and suggested by the docs):
[HttpOptions("upload/azienda/{idazienda}")][AllowAnonymous]public static IActionResult FileOptions(HttpRequest req){ string originSite = req.Headers["Origin"]; req.HttpContext.Response.Headers.Add("Access-Control-Allow-Origin", originSite); req.HttpContext.Response.Headers.Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS"); req.HttpContext.Response.Headers.Add("Access-Control-Allow-Credentials", "true"); req.HttpContext.Response.Headers.Add("Access-Control-Allow-Headers", "X-PINGOTHER, Content-Type"); return new NoContentResult();}[HttpPost("upload/azienda/{idazienda}")]public async Task<IActionResult> Upload(IEnumerable<IFormFile> files, int idazienda, HttpRequest req){ string originSite = req.Headers["Origin"]; req.HttpContext.Response.Headers.Add("Access-Control-Allow-Origin", originSite); req.HttpContext.Response.Headers.Add("Access-Control-Allow-Credentials", "true"); .... }
has anyone already had this problem? How to solve it?
Thank you very much