0

I have .NET core 5.0 webapi that I need to use from an Angular application, they are both running on the same machine.

The error that I get is:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5000/api/Game/GetPossibleMoves. (Reason: CORS request did not succeed).

What have I done/tryed

  1. Read and try to apply other answers from SO
  2. Enabled CORS on the backend .NET core 5.0
  3. Included httpOptions on the frontend Angular
  4. Disabled windows firewall (is not the reason)

In the ConfigureServices I have tried :

/* attempt 1 services.AddCors(options => { options.AddDefaultPolicy( builder => { //builder.WithOrigins("http://example.com", "http://www.contoso.com"); //This is done this way to facilitate connecting frontend and backend //but this should be changed to enforce certain origins or methods builder.AllowAnyOrigin(). ; }); }); */ /* attempt 2 services.AddCors(options => options.AddPolicy("ApiCorsPolicy", builder => { builder.WithOrigins("http://localhost:4200").AllowAnyMethod().AllowAnyHeader(); })); */ services.AddCors(c => { c.AddPolicy("AllowOrigin", options => options.AllowAnyOrigin()); }); services.AddControllers();

In the Configure method

 app.UseRouting(); //app.UseCors("ApiCorsPolicy"); app.UseCors(options => options.AllowAnyOrigin());

In the Angular fronted this how I try to call a GET on the API

import { Injectable } from '@angular/core'; import { HttpClient, HttpHeaders } from '@angular/common/http'; import { Observable } from 'rxjs'; @Injectable({ providedIn: 'root' }) export class BackendService { private readonly getMovesURL = 'http://localhost:5000/api/Game/GetPossibleMoves'; private httpOptions: any; constructor(private http: HttpClient) { this.httpOptions = { observe: 'body', responseType: 'json', /* headers: new HttpHeaders({ 'Access-Control-Allow-Origin':'*' }) */ headers:{'Access-Control-Allow-Origin':'*'} }; } getGameMoves(): Observable<any> { console.log('calling: GetPossibleMoves'); return this.http.get<string[]>(this.getMovesURL, this.httpOptions); } }

I have also tried withou any headers, No matter which combination I try, including answer to very similar issues here in SO. Always return these errors

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5000/api/Game/GetPossibleMoves. (Reason: CORS request did not succeed).

enter image description here

Improve this question
4
  • Order of the pipeline matters put app.UseCors(); at the top of your Configure() Commented Mar 10, 2021 at 3:11
  • At least now the error has changed to Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5000/api/Game/GetPossibleMoves. (Reason: header ‘access-control-allow-origin’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response). Commented Mar 10, 2021 at 3:16
  • 2
    Hmm, I assume the issue is because you added 'Access-Control-Allow-Origin' headers on your angular side. Remove that and give it a try. Commented Mar 10, 2021 at 3:18
  • That is exactly what I did just now - thanks so much, please post it as answer to give credit. Commented Mar 10, 2021 at 3:19

1 Answer 1

Reset to default
3

Order of the pipeline matters put app.UseCors(); at the top of your Configure().

Remove headers:{'Access-Control-Allow-Origin':'*'} on the angular side to resolve:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5000/api/Game/GetPossibleMoves. (Reason: header ‘access-control-allow-origin’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.