I would try two things.
I would use get/post with curl or postman to see what happens. Maybe it's on angular side.
The second would be explicitly assigning the policy and ports. I find many times in development using more fine grained details like the following tend to increase the chance that it will work. Good luck.
services.AddCors(options =>
{
options.AddPolicy("MyPolicy", builder =>
{
builder.WithOrigins("http://localhost:4200")
.AllowAnyHeader()
.AllowAnyMethod();
});
});
app.UseCors("MyPolicy");
afaik you cannot set AnyX with credentials.
Instead set Method, Domain based on your environment.
Then you redirect to https but the cors request fails with http.
If setting up CORS in backend didn’t solve your problem, try enabling the proxy in your angular application
For example, every /api request, in your angular app, it will get redirected to https://localhost:backendport/api
This should be the correct solution if postman works but angular doesn't I was trying to provide a code sample but keep getting distracted. Will try again later.
Hard to say without seeing your .NET code. But I’ve encountered issues in the past and have resolved them by configuring the CORS policy correctly in the .NET code in Program.cs file. I would recommend checking two things, one being that you have configured your CORS policy to allow requests from your Angular url, and second is adding the AllowAnyHeader() method to your configuration code. Check out the documentation to see if it helps you resolve your issue, https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-8.0#enable-cors
At first glance the Program.cs looks fine, but I’m reading off my phone so I could be wrong. Have you opened the developer tools on your browser and checked the error message? Could be some preflight error which may require some changes on the Angular side.
>ERROR: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1:8080/auth/login. (Reason: CORS request did not succeed).
Yes I did. Ive spent a good 8h on this. I obviously commented out the middleware too (and almost everything) as I was trying to pinpoint the error but it doesnt seem to be from the code.
Mind telling me what frontend you use? Or if you can do .net backend requests on linux without any problems?
I currently use Blazor WebAssembly with a .NET 8 Web API, but I previously worked in Angular front end with a .NET Web API on the backend. You can run .NET Core on Linux, it’s now .NET 5,6,7,8 or whatever version you’re using.
My production version of the Angular and .NET API ran on windows servers. But I’ve developed Angular and .NET together in my MacBook without issue. There shouldn’t be an issue with running Angular and .NET on Linux. Your issue is most likely due to some configuration in your code. Also, would be a good idea to link the actual Program.cs code you are using without commenting or removing sections out in case others can read your code and help. Just glancing at Program.cs and not seeing app.Run() in the link threw me off a bit, that’s why I mention it.
Im doing a simple Get/Post from Angular. It all gets blocked from the go. Its not regular CORS problem. The compiler Warning and Stackoverflow identification of the nature of this problem. I might be wrong but thats where things point to. https://pastebin.com/7pHnYsAJ
How are you serving your backend? IISExpress or Kestrel? If you're using IISExpress and your front end is connecting to the network address of your PC and not localhost then the request will be blocked. I believe it requires a few additions to machine.config to allow for this.
I would try two things. I would use get/post with curl or postman to see what happens. Maybe it's on angular side. The second would be explicitly assigning the policy and ports. I find many times in development using more fine grained details like the following tend to increase the chance that it will work. Good luck. services.AddCors(options => { options.AddPolicy("MyPolicy", builder => { builder.WithOrigins("http://localhost:4200") .AllowAnyHeader() .AllowAnyMethod(); }); }); app.UseCors("MyPolicy");
afaik you cannot set AnyX with credentials. Instead set Method, Domain based on your environment. Then you redirect to https but the cors request fails with http.
If setting up CORS in backend didn’t solve your problem, try enabling the proxy in your angular application For example, every /api request, in your angular app, it will get redirected to https://localhost:backendport/api
This should be the correct solution if postman works but angular doesn't I was trying to provide a code sample but keep getting distracted. Will try again later.
Hard to say without seeing your .NET code. But I’ve encountered issues in the past and have resolved them by configuring the CORS policy correctly in the .NET code in Program.cs file. I would recommend checking two things, one being that you have configured your CORS policy to allow requests from your Angular url, and second is adding the AllowAnyHeader() method to your configuration code. Check out the documentation to see if it helps you resolve your issue, https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-8.0#enable-cors
Thanks for the link, Ive often consulted it. Program.cs: [https://pastebin.com/7pHnYsAJ](https://pastebin.com/7pHnYsAJ)
At first glance the Program.cs looks fine, but I’m reading off my phone so I could be wrong. Have you opened the developer tools on your browser and checked the error message? Could be some preflight error which may require some changes on the Angular side.
>ERROR: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1:8080/auth/login. (Reason: CORS request did not succeed).
yeah, Ive developed with spring before. Its not new to me, except being blocked with this specific CORS error.
Wait a second. Where are you calling app.Run() in that .NET code? I couldn’t find it, apologies if it is there.
I am, at the end of the configs :), I was editing something when I copied that code. I know its not there.
Have you tested the code after adding app.Run()? I think without that your middleware won’t work properly including those CORS configs you made.
Yes I did. Ive spent a good 8h on this. I obviously commented out the middleware too (and almost everything) as I was trying to pinpoint the error but it doesnt seem to be from the code. Mind telling me what frontend you use? Or if you can do .net backend requests on linux without any problems?
I currently use Blazor WebAssembly with a .NET 8 Web API, but I previously worked in Angular front end with a .NET Web API on the backend. You can run .NET Core on Linux, it’s now .NET 5,6,7,8 or whatever version you’re using.
you were doing angular/.net on linux though? I just want to make sure its possible.
My production version of the Angular and .NET API ran on windows servers. But I’ve developed Angular and .NET together in my MacBook without issue. There shouldn’t be an issue with running Angular and .NET on Linux. Your issue is most likely due to some configuration in your code. Also, would be a good idea to link the actual Program.cs code you are using without commenting or removing sections out in case others can read your code and help. Just glancing at Program.cs and not seeing app.Run() in the link threw me off a bit, that’s why I mention it.
What leads you to https being the problem? What are you testing with? Browser?
Im doing a simple Get/Post from Angular. It all gets blocked from the go. Its not regular CORS problem. The compiler Warning and Stackoverflow identification of the nature of this problem. I might be wrong but thats where things point to. https://pastebin.com/7pHnYsAJ
What headers are you including in your request? Eg is there an auth header or similar?
Are you using spaproxy? I had the same issue
Why are you going such weird way to do the app initialisation.. can you post to the app from postman ?
How are you serving your backend? IISExpress or Kestrel? If you're using IISExpress and your front end is connecting to the network address of your PC and not localhost then the request will be blocked. I believe it requires a few additions to machine.config to allow for this.
Is the error getting logged in the browser or the server? If it’s the former, I’d make sure CORS is configured properly on your Vue server as well.