Share via

CORS problem with PUT and DELETE

Ian Dudley 1 Reputation point
2020-12-04T17:27:31.627+00:00

Hi,

I am developing an API that needs to use PUT and DELETE Verbs for actions in several controllers. But on each of these CORS is rejecting them despite being set up for any Origins, any Methods, any Headers, etc. My CORS policy is set up near the top of ConfigureServices/Startup.cs as follows: 

       services.AddCors(options => options.AddPolicy("CorsPolicy", builder =>  
        {  
            builder  
                .AllowAnyMethod()  
                .AllowAnyHeader()  
                .AllowCredentials()  
                .SetPreflightMaxAge(TimeSpan.FromSeconds(2520))  
                .SetIsOriginAllowed(origin => _ = true);  
        }));

And in Configure I have: 

        app.UseCors("CorsPolicy");

I have applied these to all the relevant controllers with these attributes: 

[EnableCors("CorsPolicy")]

But I am still getting these CORS errors:

45303-image.png

I have followed suggestions I found elsewhere and even included API calls for OPTIONS in two of my controllers, as I do understand that this is likely to be related to OPTIONS requests associated with the PUT and DELETE verbs from the Front End Browser. Likewise I included the .SetPreflightMaxAge(TimeSpan.FromSeconds(2520))
option in my setup.

But it has not eliminated the problem. Can anyone see what I am doing wrong?

Thanks

Ian

ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,573 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Yiyi You - MSFT 521 Reputation points
    2020-12-07T09:03:37.663+00:00

    Hi,@Ian Dudley
    You can try to do like this 

    services.AddCors(options => options.AddPolicy("CorsPolicy", builder =>  
         {  
             builder  
                 .WithOrigins("http://localhost:4200")  
                 .AllowAnyMethod()  
                 .AllowAnyHeader()  
                 .AllowCredentials()  
                 .SetPreflightMaxAge(TimeSpan.FromSeconds(2520));  
         }));

    And make sure the order you used app.UseCors("CorsPolicy"); is right,you can refer to the order in the official document

    If the answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Regards,
    Yiyi You-MSFT

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.