Asp.NET MVC Core CORS -

we working on application has mobile part , web ui. web ui uses angular , have problems configuring cors on backend. our code looks (just code important our problem):

public void configure(iapplicationbuilder app, ihostingenvironment env, iloggerfactory loggerfactory) {     app.usecors("allowall");      app.usemvc(); }  public void configureservices(iservicecollection services) {                 services.addmvc();      //add cors support service     services.addcors(         options => options.addpolicy(             "allowall", p => p.allowanyorigin()                 .allowanyheader()                 .allowanymethod()                 .allowcredentials()             )         ); } 

from documentatiaon , other post on stackoverflow should work, not. have missed?

thnx

---

edit:

this request postman:

curl 'https://guw.azurewebsites.net/api/token' -x options -h 'pragma: no-cache' -h 'access-control-request-method: post' -h 'origin: http://localhost:9000' -h 'accept-encoding: gzip, deflate, sdch, br' -h 'accept-language: en-us,en;q=0.8' -h 'user-agent: mozilla/5.0 (windows nt 10.0; wow64) applewebkit/537.36 (khtml, gecko) chrome/51.0.2704.103 safari/537.36' -h 'accept: /' -h 'cache-control: no-cache' -h 'referer: http://localhost:9000/' -h 'connection: keep-alive' -h 'access-control-request-headers: accept, authorization, content-type' --compressed

you can import in postman , have on it. request sent angular app.

hope helps.

at end decided add in middleware method:

private void addcors(httpcontext context) {     context.response.headers.add("access-control-allow-headers",          new string[] { "authorization", "content-type" });     context.response.headers.add("access-control-allow-methods",          new string[] { "options", "post", "get", "delete", "put" });      ienumerable<string> allowedurls = new list<string>()     {         "http://localhost:8100",          "http://localhost:9000"     };      if (allowedurls.count() > 0)     {         foreach(string x in allowedurls)         {             var origin = context.request.headers.firstordefault(                 key => key.key == "origin");             var found = x.tolower() == origin.value.tostring().tolower();             if (found)             {                 context.response.headers.add("access-control-allow-origin",                      new string[] { origin.value });             }         }     }      return; } 

---

edit:

this good, in logic not worked needed, ended in middleware class, , works fine:

// add cors every response context.response.headers.add("access-control-allow-headers",      new string[] { "authorization", "content-type" }); context.response.headers.add("access-control-allow-methods",      new string[] { "options", "post", "get", "delete", "put" }); context.response.headers.add("access-control-allow-origin", "*");  if (context.request.method.equals("options", stringcomparison.ordinal)) {      context.response.statuscode = 204;     return _next(context); } 

thx

in application (which has angular2 frontend), doing following way-

        app.usecors(builder => {             builder.allowanyorigin().allowanymethod().allowanyheader();         }); 

refer more information - https://docs.asp.net/en/latest/security/cors.html

see if helps.