0

So here is my setup

  • API = api.dev.mydomain.com
  • SPA = dev.mydomain.com

the cors is not working here, is it because the SPA is the parent and the api is the subdomain?

CORS setup:

builder.Services.AddCors(opt =>
{
    opt.AddPolicy(policy, builder =>
    {
        builder
        .WithOrigins(new string[]
        {
            "http://*.mydomain.com",
            "http://localhost:4200",
        })
        .SetIsOriginAllowedToAllowWildcardSubdomains()
        
        .AllowAnyHeader()        
        .AllowAnyMethod()
        .AllowCredentials()
        ;
    });
});


builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)

WebApplication app = builder.Build();
app.UseCors(policy);

if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();
homerio
  • 1
  • 2
  • Please don't post code as picture and instead use code blocks to insert your code. – Mushroomator Aug 05 '23 at 13:58
  • In addition, it works in my localhost, but the it doesn't work after I deployed it. I'm also using CookieAuthenticationDefaults.AuthenticationScheme – homerio Aug 05 '23 at 14:54
  • have you added `app.UseCors(policy);`? – MRP Aug 05 '23 at 14:57
  • @MRP I've updated the content. :-) that's my current code – homerio Aug 05 '23 at 15:02
  • all seems good though! Are you sure you are using HTTP and not HTTPS? – MRP Aug 05 '23 at 15:03
  • Just an HTTP only. and I've noticed that the GET METHOD works in production, except the POST (which is the login). But as I've said all of these works in my localhost. – homerio Aug 05 '23 at 15:27
  • Have you checked what happnend, if both API and SPA in subdomain or in main domain? Does the CORS still persist? – Md Farid Uddin Kiron Aug 07 '23 at 09:17
  • Oh hey, actually it's not the cors that cause the issue, there was an exception inside my api, after I fixed that everything works. I was fooled by the CORS error. hehe. if in case you also encounter this, make sure that there is no other error in your api. – homerio Aug 08 '23 at 08:57
  • Okay, thanks for the update that you issue has been resolved. – Md Farid Uddin Kiron Aug 10 '23 at 09:27

0 Answers0