CORS error: set the request's mode to 'no-cors' to fetch the resource with CORS disabled

Question

0.00/5 (No votes)

See more:

Hi folks,

I have a .net core api and front end is angular. when i deploy the API in server i am getting below cors issue. i have implemented so many things as per google results. but still didn't get the solution. please help to close this.

Access to fetch at 'api end point' from origin 'https://webapp.io' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

What I have tried:

1) Enabled the cors policy in .net core globally
2) Applied headers in is (method, origin,x-powered-by )
3) Enabled the cors with default origin

Posted 23-Nov-20 8:11am

sencsk

Updated 23-Nov-20 18:45pm

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Answer 1 · 2020-11-23T18:45:00

Solution 1

Your API is not returning a CORS header.

Since we can't see your code, we can't tell you why. All we can tell you is what the error message is already telling you. The response from your API does not contain an Access-Control-Allow-Origin header.

Posted 23-Nov-20 18:45pm

Richard Deeming

Comments

sencsk 24-Nov-20 14:02pm

Below is my code for reference in startup file.

Configureservice:
services.AddCors(options =>
{
options.AddPolicy("AllowAll",
builder =>
{
builder.WithOrigins("https://webapp.io/", "https://www.webapp.io/")
.SetIsOriginAllowed((host) => true)
.AllowAnyHeader()
.AllowAnyMethod();
});
});
//CORS

services.AddControllers();

Configure:
public async void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
//var builder = new Microsoft.Extensions.Configuration.ConfigurationBuilder();
//builder.SetBasePath(env.ContentRootPath)
// .AddJsonFile("configuration.json", optional: false, reloadOnChange: true)
// .AddEnvironmentVariables();

//Configuration = builder.Build();
//CORS
//app.UseCors(builder => builder.AllowAnyHeader().AllowAnyMethod().SetIsOriginAllowed((host) => true).AllowCredentials());
app.UseCors("AllowAll");
app.UseMiddleware<corsmiddleware>();
// END CORS

await app.UseOcelot();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();

app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
loggerFactory.AddLog4Net();
}
}

Richard Deeming 25-Nov-20 3:59am

Enable Cross-Origin Requests (CORS) in ASP.NET Core | Microsoft Docs[^]
"The call to UseCors must be placed after UseRouting, but before UseAuthorization."
Your UseCors call is placed before UseRouting.

You also seem to have some additional middleware, which may be conflicting:

app.UseMiddleware<corsmiddleware>();

NB: Your CORS headers will allow requests from any site hosted on the webapp.io domain, with or without the www. prefix.

sencsk 26-Nov-20 1:10am

Still no luck. I have tried all 3 implementations based on the shared url.i am attaching the startup.cs https://drive.google.com/file/d/1YN83mkgXWbeR26cz-D3tWNID-Zrqic_x/view?usp=sharing