2

I have a web api on a IIS server using .Net Core 3.1.

It is using the IP and Port of: http://68.181.207.10:8473

I also have 3 web applications that run on the same IIS server. 2 of the apps are .Net 4.7 apps and 1 is a .Net Core app.

The 3 web apps all use the web api.

The 3 apps are:

https://meta.astro.usc.edu (port 443)

http://old.astro.perl.edu (port 80)

http://68.181.207.10 (port 80)

I have set up the API to use CORs, and for the most part, everything is ok and they connect to the API without any issues.

But there are times when I will still run into CORs errors even though I have added all the needed URLs.

In the top of my ConfigureServices method, I am adding the needed URLs that will need access, like this:

public void ConfigureServices(IServiceCollection services) { services.AddCors(options => { options.AddPolicy(MyAllowSpecificOrigins, builder => { builder.WithOrigins("http://68.181.207.10:8473", "https://meta.astro.usc.edu", "http://old.astro.perl.edu", "http://68.181.207.10") .AllowAnyMethod() .AllowAnyHeader(); }); }); }

Then in my Configure method, I am adding app.UseCors as you can see below:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { app.UseHsts(); } app.UseRouting(); app.UseCors(MyAllowSpecificOrigins); app.UseHttpsRedirection(); app.UseMvc(); }

Is this the proper way of allowing these other web apps to connect to my web api?

The CORs errors seem random and the origins are always one of my 3 web apps. One doesn't seem to cause more errors than an another.

How can I prevent the intermittent CORs errors that I still receive?

Thanks!

Improve this question
9
  • 1
    You write The CORs errors seem random and the origins are always one of my 3 web apps. One doesn't seem to cause more errors than an another.. But you specify 4 sites in WithOrigins. I suspect there are http/https issues here. I also see that app.UseHttpsRedirection(); comes before app.UseCors in doc, maybe have a look into that too. Commented Dec 10, 2020 at 15:42
  • @RoarS. I added http://68.181.207.10:8473, which is the URL for the web api itself. I added that out of desperation...it didn't really seem to help anything though. Commented Dec 10, 2020 at 15:49
  • 2
    OPTIONS request are preflight requests. Please look for requests that are not returning 2XX. Commented Dec 10, 2020 at 18:04
  • 2
    Those requests came through and should be considered as app errors. Hence, there is chance that you don't have any CORS-errors at all. Commented Dec 10, 2020 at 18:15
  • 1
    You also need to install IIS CORS module to be installed and configured, learn.microsoft.com/en-us/iis/extensions/cors-module/… to properly handle the edge cases when IIS handles CORS requests, not your ASP.NET Core web app. Commented Dec 10, 2020 at 20:42

2 Answers 2

Reset to default
1

Check for Internal Server Errors (500) in problematic requests

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

After some discussion with OP, this issue might not relate to CORS at all after OP discovered 4XX-errors in the logs.

Improve this answer

3 Comments

The thing I don't understand is that why would a 4XX error cause a CORs error to display in the browser console? THanks
If you are sure there are CORS-errors, you will still have to check the logs. May I ask what your source is for the CORS errors?
I've def. had other errors "cause CORS in the browser"... literally just now left an appsettings.json with invalid json (typo) and result was CORS in browser for the UI requesting from the API that was misconfigured. Dunno why.. but..

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.