Issue
Here is the code from the example:
builder.Services.AddCors(options =>
{
options.AddPolicy(name: "MyPolicy",
policy =>
{
policy.WithOrigins("http://example.com",
"http://www.contoso.com",
"https://cors1.azurewebsites.net",
"https://cors3.azurewebsites.net",
"https://localhost:56055",
"https://localhost:5001")
.WithMethods("PUT", "DELETE", "GET");
});
});
Here is a screenshot of the Response Headers
Solution
When I inspect the response headers, I do not see a
Access-Control-Allow-Origin
response header as I do with the live example URL.Why is this? Why is that header missing?
No, you cannot see the response-header
unless you don't expose that explicitly. Usually, the browser doesn't expose all of the response headers to the app. You have to use .WithExposedHeaders("x-custom-header");
to implement that. See the updated code below:
var myCorsPolicy = "MyCorsPolicy";
builder.Services.AddCors(options =>
{
options.AddPolicy(myCorsPolicy,
policy =>
{
policy.WithOrigins("http://example.com",
"http://www.contoso.com",
"https://cors1.azurewebsites.net",
"https://cors3.azurewebsites.net",
"https://localhost:56055",
"https://localhost:5001")
.WithExposedHeaders("kiron-test-custom-header")
.WithMethods("PUT", "DELETE", "GET");
});
});
app.UseCors(myCorsPolicy);
Output:
Note:
You can set any header
you want to expose using .WithExposedHeaders("any-custom-header")
. You can check here in the official document
Answered By - Md Farid Uddin Kiron
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.