Brooooo, long may you live for this solution! I checked a lot of documentation and none of it was able to explain that without removing that backslash is not gonna work... unbelievable... Huge thanks, brother.
Thank you so much! I've been trying to resolve this issue and this video helped. Awesome video! Very precise, and you emphasized things that are required.
Thanks for explaining the implementation process in details. It was really great. Just want to recommend here that please explain the concepts of PreFlight as functionally this will help to understand the flow of CORS policy how it works and why it is needed. Rest video was awesome with good audio and video quality.
Nice Demo, But In my case I am only allowed to permit specific Origins so I can use the way of "Multiple origins" but my "Multiple origins" are not in my hand.. it is coming from a database table.. so How Can I use it ???
Whey I put the api code in website with port number, and create a client MVC application to use this API with a diffrent port and site on server, It fails. Cors errors. Not sure how to fix it on server. any ideas.. still blocked.
Thank you for another great video. My question is, do I need to use CORS as a security feature if a hacker finds a way to access my API from a different domain? If I do not use CORS at all in my API, will the standard HTTPS security be enough to stop such a hack? In my case, my API is only accessible from one domain and no other domains have access to that domain, due to other internal system security measures. So I should be ok not to use CORS?
Stopping hackers need a lot of stuff, HTTPS is definitely one of those, but there are other things like authentication with a faster expiring token, etc. CORS does not open up your API for hacking, your API could be called from a console that does not need API to support CORS.
Could you help me to get rid of the error "blocked by CORS policy" when hosting at IIS? I did exactly like you did but when I set Project properties --> Debug --> Launch --> IIS then the 'Access-Control-Allow-Origin' header is still missing.
Thanks, it is comrehensive about how to configure for the APIs. But I think for new learner if you could explain that what is CORS and why it may or may not be needed would be helpful.
@nad sid, that would mean that it is not working as expected. Can you please give me a little more details on how you are using the code? Also if possible share it in GitHub or a gist.
@@DotNetCoreCentral i am facing an issue, when allowing the cors, but sending include authentication cookies from java script, Everything work except in java script. Api to web api no issue, Api to java script not working
@Görkem Genar Akkaya, I am not sure I understand what exactly google authentication has to do with a CORS implementation in your project. It will help if you can share your code in github.
If somebody of you guys have the same problem like me, that although everything is setup the same and the headers still not showing up, do you use windows authentication and anonymous is disabled? this thing was my problem, I spend hours to localize this issue. If you setup windows authentication and denying anonymous, all requests will show that now cors headers are shown. this message is misleading because the problem that those are missing is because the windows authentication failed. Unfortunately the browser doesn't tell you this and instead is crying about the cors headers. Your requests have to be changed that the windows credentials are given with the request and only then the cors policy is working like expected. cheers.
@@DotNetCoreCentral Services. Configure(options =>{ options.Filters. Add(new CorsAuthorizationFilterFactory("CorsPolicy")); }); The above code not working in core 3.1 but it works 2.2
Brooooo, long may you live for this solution! I checked a lot of documentation and none of it was able to explain that without removing that backslash is not gonna work... unbelievable... Huge thanks, brother.
@Ionut Iancu, thanks for watching!
Thank you so much! I've been trying to resolve this issue and this video helped. Awesome video! Very precise, and you emphasized things that are required.
@charmed coder, thanks for watching!
Thanks for your course, the question is:
How can we specify the origins which have Authorization value in header shouldn't be block.
Thanks for explaining the implementation process in details. It was really great. Just want to recommend here that please explain the concepts of PreFlight as functionally this will help to understand the flow of CORS policy how it works and why it is needed. Rest video was awesome with good audio and video quality.
This had me tripped up all day, great video!
@
Jake Steffen, thanks for watching!
Nice Demo,
But In my case I am only allowed to permit specific Origins so I can use the way of "Multiple origins"
but my "Multiple origins" are not in my hand.. it is coming from a database table.. so How Can I use it ???
How fix cors when we have withcredentials true from client side. This methods fails when we send request with withcredentials
Awesome video! Clear,, straight to the point explanation. Thanks a lot!
@javier gonzalez, thanks for watching!
Thank you so much ! that is what I was searching for the last two hours!!
@
amr mahdy, thanks for watching!
Please make a video on CORS from Azure API Management Services perspective.
@Sandhya Ray, sure I will try.
Whey I put the api code in website with port number, and create a client MVC application to use this API with a diffrent port and site on server, It fails. Cors errors. Not sure how to fix it on server. any ideas.. still blocked.
Thank you for another great video. My question is, do I need to use CORS as a security feature if a hacker finds a way to access my API from a different domain? If I do not use CORS at all in my API, will the standard HTTPS security be enough to stop such a hack? In my case, my API is only accessible from one domain and no other domains have access to that domain, due to other internal system security measures. So I should be ok not to use CORS?
Stopping hackers need a lot of stuff, HTTPS is definitely one of those, but there are other things like authentication with a faster expiring token, etc. CORS does not open up your API for hacking, your API could be called from a console that does not need API to support CORS.
Awesome video 👍
Thanks!
Great video...plz make a course on Asp net core API with Microservices and Azure functions,service bus ,App insights etc
@RAM, I will work on it soon!
Thanks for the help! Worked wonders !
@leigh briody, thanks for watching!
Could you help me to get rid of the error "blocked by CORS policy" when hosting at IIS? I did exactly like you did but when I set Project properties --> Debug --> Launch --> IIS then the 'Access-Control-Allow-Origin' header is still missing.
@emalashkin, I am not sure what IIS is doing, I don't even have IIS installed on my PC. I will try to see if I can reproduce this with IIS Express.
Thanks! had to remove the slash and it worked.
@Nad Bachhus, thanks for watching!
Thank you!! Really great explanation!
@Flor 😜, thanks for watching!
Thanks, it is comrehensive about how to configure for the APIs. But I think for new learner if you could explain that what is CORS and why it may or may not be needed would be helpful.
@Hasnain Ali, thanks for watching! And thanks for the very good suggestion, I will figure something out on how to fix it.
Thanks for the video, can you please tell me why I am getting No 'Access-Control-Allow-Origin' header is present cors error
@nad sid, that would mean that it is not working as expected. Can you please give me a little more details on how you are using the code? Also if possible share it in GitHub or a gist.
Great video, thanks.
Thanks
Your videos are the bests!
@Vinicius santos aguiar, thanks for watching!
Amazing, you did very well thanks alot
Thanks!
@@DotNetCoreCentral i am facing an issue, when allowing the cors, but sending include authentication cookies from java script,
Everything work except in java script.
Api to web api no issue,
Api to java script not working
Does Cors apply to api to api calls or just browser calls?
@Florin Asavei, yes it is only for Browsers, this is imposed for security reasons.
Nice👌
@Harpreet Singh, thanks for watching!
The best …perfect👏🏻
@ehsan majdi, thanks!
quick, & concise
@yep !!!
thanks for watching it!
First, thank you for this tutorial. But still I couldnt get rid of Cors error while trying to authenticate with Google. Can you help me for this ?
@Görkem Genar Akkaya, I am not sure I understand what exactly google authentication has to do with a CORS implementation in your project. It will help if you can share your code in github.
If somebody of you guys have the same problem like me, that although everything is setup the same and the headers still not showing up, do you use windows authentication and anonymous is disabled? this thing was my problem, I spend hours to localize this issue.
If you setup windows authentication and denying anonymous, all requests will show that now cors headers are shown. this message is misleading because the problem that those are missing is because the windows authentication failed. Unfortunately the browser doesn't tell you this and instead is crying about the cors headers. Your requests have to be changed that the windows credentials are given with the request and only then the cors policy is working like expected.
cheers.
Thanks so much. Great example
@Minh Pham, thanks!
clean explaination
@Rohit Pawar, thanks for watching!
Helped a lot!
@Florentin flotschi, thanks for watching!
Excellent
@keyur panchal, thanks!
Thank You brother...!
@Ashwin Kumar, thanks for watching!
How enable the cors globally in core 3.1..??
@
harish tanikonda, I am not sure what you mean by globally. The example I have shown here will enable CORS for this particular service.
@@DotNetCoreCentral
Services. Configure(options =>{
options.Filters. Add(new CorsAuthorizationFilterFactory("CorsPolicy"));
});
The above code not working in core 3.1 but it works 2.2
omg that workedddddddddddddddddddddddddd thank youuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
Great job, thanks!!!
@Katia Ferreira Eleuterio, thanks for watching!
You're a superstar
@Sim Simmer, thanks for watching!
Super bro
@mounikreddy peddy, thanks!
Thank you so much.
@Mamnoon Sami, thanks for watching!
my fkn god, im just trying to get some data in to an html to display this in obs, why has this to be so much pain?
Thanks for the vid!
Complete cors.. 👍
@mounikreddy peddy thats great!
Thank You Sir
@Fazal Abbas, thanks for watching!
Ty bro
@Winze, thanks for watching!
thx !
@S nargol, thanks for watching!
Спасибо узбэк
:D
:)