Base solution for your next web application
Ends in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

CORS Error: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request. #10065


User avatar
0
dauren created

- product version: 10.0 - product type: ASP.NET Core & jQuery - framework type .net core - ABP v6

Access to XMLHttpRequest at https://*******/api/services/app/RequestsPub/CreateNewRequest from origin https://example.com has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

I have CORS enabled in Web.Hosts project, in Startup.cs:

services.AddCors(options => { options.AddPolicy(DefaultCorsPolicyName, builder => { //App:CorsOrigins in appsettings.json can contain more than one address with splitted by comma. builder .WithOrigins( // App:CorsOrigins in appsettings.json can contain more than one address separated by comma. _appConfiguration["App:CorsOrigins"] .Split(",", StringSplitOptions.RemoveEmptyEntries) .Select(o => o.RemovePostFix("/")) .ToArray() ) .SetIsOriginAllowedToAllowWildcardSubdomains() .AllowAnyHeader() .AllowAnyMethod() .AllowCredentials(); }); });

and:

app.UseCors(DefaultCorsPolicyName); //Enable CORS!

also, as pointed in asp.net zero docs, in appsettings.json file of Web.Hosts project I added the domain:

"App": { "ServerRootAddress": "https://localhost:44301/", "ClientRootAddress": "http://localhost:4200/", "CorsOrigins": "http://*.mycompany.com,http://localhost:4200,http://localhost:9876,https://example.com" "SwaggerEndPoint": "/swagger/v1/swagger.json", "AllowAnonymousSignalRConnection": "true" },

When I use CreateNewRequest API endpoint in Postman it works ok. But when I use the endpoint from https://example.com domain it gives me error.

What could be the problem.


2 Answer(s)
  • User Avatar
    0
    dauren created

    Nevermind this question, it was my bad, I figured it out.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Thanks @dauren :)