All geek questions in one place

How to enable cors everywhere in asp.net web api core

I found this site: https://docs.microsoft.com/en-us/aspnet/core/security/cors

However, I am confused about how to enable it all over the world, because it seems that there are two ways to do this, what is the difference between the two methods? or are they doing 2 different things?

public IConfigurationRoot Configuration { get; } // This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { //https://docs.microsoft.com/en-us/aspnet/core/security/cors services.AddCors(options => { options.AddPolicy("AllowSpecificOrigin", builder => builder.WithOrigins("http://example.com") .AllowAnyHeader() ); }); services.Configure<MvcOptions>(options => { options.Filters.Add(new CorsAuthorizationFilterFactory("AllowSpecificOrigin")); }); // Add framework services. services.AddMvc(); } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { loggerFactory.AddConsole(Configuration.GetSection("Logging")); loggerFactory.AddDebug(); app.UseCors("AllowSpecificOrigin"); app.UseMvc(); }
+5
source share
1 answer

Calls in ConfigureServices simply add Cors services rather than configure them (including creating an hte policy). By adding a filter, you make it global, but I understand that UseCors (in Configure) is the preferred way to add it around the world. All that the filter code does is force an attribute on all controllers, and UseCors effectively does the same, only in another part of the stack. I believe that UseCors will not do this just like MVC calls, so it is different.

+4
source

Source: https://habr.com/ru/post/1265449/

More articles:


All Articles