Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

No 'Access-Control-Allow-Origin' header is present on the requested resource #5772


User avatar
0
gpoluccimv created

I am a long time customer of ASP.NET ZERO and have used this product at several companies. I think i've bought 3 licenses so far, and i'm on my fourth soon. I just recently switched to Angular 2 and Asp.net Core. Perhaps it wasn't the best decision. My project is using v5.5.2 of Asp.Net Zero's Angular 2 with ASP.NET Core template.

I am trying to deploy my application to IIS. The aspnet_core application that hosts swagger and the service comes up and runs fine. It is running on https://subdomain.domain.com:8080.

On the same server I have the Angular_UI running on https://subdomain.domain.com as the Default Web Site. My understanding is that these are two different origins and CORS information should be passed between them.

In appsettings.production.json I have the follwing:

"App": { "WebSiteRootAddress": "https://subdomain.domain.com/", "ServerRootAddress": "https://subdomain.domain.com:8080/", "ClientRootAddress": "https://subdomain.domain.com/", "CorsOrigins": "https://subdomain.domain.com,http://subdomain.domain.com/,http://localhost:49152", },

Again, the Swagger UI comes up just fine and i am able to successfully execute CheckDatabase; i am also able to use the Authorize button to login successfully.

When the Angular application starts up it shows a gray page and the loading spinner. It then times out on the request below with the following error:

Failed to load https://subdomain.domain.com:8080/AbpUserConfiguration/GetAll: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://subdomain.domain.com' is therefore not allowed access.

I have searched this forum and the wider web to figure this out without luck. Can anybody help me? It's urgent, as i am demooing this for the CEO during his board meeting early this week.

Many thanks!


7 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team

    Is it possible that the environment is not correct and the configuration information of appsettings.json is used.

  • User Avatar
    0
    gpoluccimv created

    I think that's not possible that appsettings.json is being used, because the changes that I make in appsettings.production.json are picked up. Here is more information that i forgot to add:

    The site is hosted on AWS and the public domains use SSL, which is terminated, i believe, by the load balancer or some other element. When the requests reach my machine they are all in http, not https. This is okay, because both sites are hosted without SSL on IIS.

    I've thought about hosting the Angular2 website as the default web site and hosting the aspnet_core site as a sub application, but they use different app pools, and i'm not sure if it can be done. This would be my preference, because then they could both run on port 80, and would only be differentiated by path, not subdomain.

    It is imperative i get this functioning in the next 24 hours, so $50 USD to the one who helps me get it working (please have paypal or venmo).

    Thanks!

  • User Avatar
    0
    gpoluccimv created

    I am currently investigation an issue on AWS where even though CORS information may be being passed it is stripped out by the service unless it is enabled for that resource through the AWS service. I believe this may actually be what is keeping it from working. I will let this forum know when the test is complete.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @gpoluccimv

    CORS might not be the problem here. Are there any error message on the server-side log file (App_Data/Logs/Logs.txt) ?

  • User Avatar
    0
    gpoluccimv created

    There is no such corresponding directory. Are you sure this is created under an ASP.NET core hosting scenario? Also, another thing to note is that I did get this working by launching the chrome browser in a mode where it ignores CORS. Also, i've changed CORS to accept any origin and published it, but it still doesn't work. It is specifcally saying, 'No 'Access-Control-Allow-Origin' header is present on the requested resource.' - This tells me its being stripped out by AWS. I'm waiting for our tech lead to make those changes to test my theory.

    Here's the article i've found: https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html

  • User Avatar
    0
    vladsd created

    we saw that issue on one of the servers from our farm. it turned out that server had core 2.1.4 sdk installed. once uninstalled, that server worked again. framework has cors check, make sure to disable it with .AllowAnyOrigin() if you do not want it in startup.cs

  • User Avatar
    0
    ryancyq created
    Support Team

    hi @gpoluccimv, the log file path is specified in Web.Host/log4net.config