This is a migrated thread and some comments may be shown as answers.

CORS problem

0 Answers 550 Views
Upload
This is a migrated thread and some comments may be shown as answers.
Andrea
Top achievements
Rank 1
Veteran
Andrea asked on 19 Jan 2021, 06:27 PM

Hello, I get this error on Asp Net 5 WebApi:

Access to XMLHttpRequest at 'http://localhost:5000/Api/curvapeso/upload/azienda/716' from origin 'https://localhost:44344' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

And the endpoint (Upload() action below) isn't reached.

This is my CORS configuration:

            services.AddCors(options =>
            {
                options.AddPolicy("CorsPolicy",
                    builder =>
                    {
                        builder.AllowAnyOrigin()
                            .AllowAnyMethod()
                            .AllowAnyHeader();
 
                        if (string.IsNullOrEmpty(origin))
                        {
                            builder.AllowAnyOrigin();
                        }
                        else
                        {
                            builder.WithOrigins(origin);
                        }
 
                    });
            });
 
...
app.UseCors("CorsPolicy");

 

This is my upload endpoint, and Options handler (see in this post and suggested by the docs):

[HttpOptions("upload/azienda/{idazienda}")]
[AllowAnonymous]
public static IActionResult FileOptions(HttpRequest req)
{
    string originSite = req.Headers["Origin"];
    req.HttpContext.Response.Headers.Add("Access-Control-Allow-Origin", originSite);
    req.HttpContext.Response.Headers.Add("Access-Control-Allow-Methods", "POST, GET, OPTIONS");
    req.HttpContext.Response.Headers.Add("Access-Control-Allow-Credentials", "true");
    req.HttpContext.Response.Headers.Add("Access-Control-Allow-Headers", "X-PINGOTHER, Content-Type");
    return new NoContentResult();
}
 
[HttpPost("upload/azienda/{idazienda}")]
public async Task<IActionResult> Upload(IEnumerable<IFormFile> files, int idazienda, HttpRequest req)
{
    string originSite = req.Headers["Origin"];
    req.HttpContext.Response.Headers.Add("Access-Control-Allow-Origin", originSite);
    req.HttpContext.Response.Headers.Add("Access-Control-Allow-Credentials", "true");
    ....
 }

 

has anyone already had this problem? How to solve it?

Thank you very much

 

 

 

 

 

 

 

 

 

No answers yet. Maybe you can help?

Tags
Upload
Asked by
Andrea
Top achievements
Rank 1
Veteran
Share this question
or