Hello, I get this error on Asp Net 5 WebApi:
Access to XMLHttpRequest at 'http://localhost:5000/Api/curvapeso/upload/azienda/716' from origin 'https://localhost:44344' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
And the endpoint (Upload() action below) isn't reached.
This is my CORS configuration:
services.AddCors(options =>
{
options.AddPolicy(
"CorsPolicy"
,
builder =>
{
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
if
(
string
.IsNullOrEmpty(origin))
{
builder.AllowAnyOrigin();
}
else
{
builder.WithOrigins(origin);
}
});
});
...
app.UseCors(
"CorsPolicy"
);
This is my upload endpoint, and Options handler (see in this post and suggested by the docs):
[HttpOptions(
"upload/azienda/{idazienda}"
)]
[AllowAnonymous]
public
static
IActionResult FileOptions(HttpRequest req)
{
string
originSite = req.Headers[
"Origin"
];
req.HttpContext.Response.Headers.Add(
"Access-Control-Allow-Origin"
, originSite);
req.HttpContext.Response.Headers.Add(
"Access-Control-Allow-Methods"
,
"POST, GET, OPTIONS"
);
req.HttpContext.Response.Headers.Add(
"Access-Control-Allow-Credentials"
,
"true"
);
req.HttpContext.Response.Headers.Add(
"Access-Control-Allow-Headers"
,
"X-PINGOTHER, Content-Type"
);
return
new
NoContentResult();
}
[HttpPost(
"upload/azienda/{idazienda}"
)]
public
async Task<IActionResult> Upload(IEnumerable<IFormFile> files,
int
idazienda, HttpRequest req)
{
string
originSite = req.Headers[
"Origin"
];
req.HttpContext.Response.Headers.Add(
"Access-Control-Allow-Origin"
, originSite);
req.HttpContext.Response.Headers.Add(
"Access-Control-Allow-Credentials"
,
"true"
);
....
}
has anyone already had this problem? How to solve it?
Thank you very much