This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi, I have an error with - fetch that been blocked "by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers" .
Each method as GET, POST makes an error, but due to different requests.
Now I really don't know why is this happening and I worked for hours to search that cause and solution, it's the same error as I had with e GET but needs different changes which I don't know what (frustrating)
I tried many changes for the POST function below but didn't worked!
Games.js
const postResulttoDB = async () => {
let gameData = {
user1: gameResult.p1,
user2: gameResult.p2,
};
try {
const fetchResponse = await fetch(URL, {
method: 'POST',
headers: {
'Content-type': 'application/json; charset=UTF-8',
},
body: JSON.stringify(gameData)
});
const data = await fetchResponse.json();
return data;
} catch (err) {
return console.log('error catch', err);
}
Program.cs - GET method function is working with this code
var _Policy1 = "Policy1";
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddCors(options =>
{
options.AddPolicy(name: _Policy1,
policy =>
{
policy.WithOrigins("http://example.com",
"http://www.contoso.com",
"http://localhost:19008",
"http://localhost:19009").AllowAnyMethod();
});
});
builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
var app = builder.Build();
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseCors(_Policy1);
app.UseAuthorization();
app.MapControllers();
app.Run();
Access to fetch at 'http://www.whatywant.com/api/SetGameResults' from origin 'http://localhost:19008' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.
POST http://www.whatywant.com/api/SetGameResults net::ERR_FAILED
Addition
With that I get no error but still no data is being passed to the Database, I see no error -
js
body: JSON.stringify(gameData),
method: 'POST',
headers: {
Accept: 'application/json',
'Content-type': 'application/json; charset=UTF-8',
},
cs
options.AddPolicy("PolicyPOST",
policy =>
{
policy.WithOrigins("http://example.com",
"http://www.contoso.com",
"http://localhost:19008",
"http://localhost:19009").AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials();
I'm glad we have the Q&A here so wonderful people can help.
Thanks in advance!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
the error says you are using custom headers (Content-type), but your CORS policy does not allow custom headers. add
.AllowAnyHeader()
I allowed it and still get the same error -
Controller.cs
[EnableCors("PolicyPOST")]
[HttpPost]
[Route("SetGameResults")]
Program.cs
policy.WithOrigins("http://example.com",
"http://www.contoso.com",
"http://localhost:19006",
"http://localhost:19007").AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials();
Didn't you see it in my question ?
you had examples with and without. but the error is about the header. are you trying to send a content-type header with a GET? are you sending credentials? see:
Ok thanks it does work now!
It passes the parameters to the ASP .net.
Now I put try catch in the HttpPost
method and I catch an SQL exception.
Ty
I posted another question about it -
getting-sqlexception-when-passing-parameters-from-client-side-react-but-not-wh
And marked your answer as accepted.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 36%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELH%3C/text%3E%3C/svg%3E)
Hi @daowdos ,
Microsoft documentation states that if you want to use JavaScript to access resources on the server, then you must call app.UseCors() before app.UseStaticFiles().
https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-6.0#usecors-and-usestaticfiles-order
> Typically, UseStaticFiles is called before UseCors. Apps that use JavaScript to retrieve static files cross site must call UseCors before UseStaticFiles.
app.UseHttpsRedirection();
app.UseCors(_Policy1); // This should be above the UseStaticFiles();
app.UseStaticFiles(); // Below the UseCors();
Best regards,
Lan Huang
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
On the contrary, of course you misunderstood.
It's has to be like that -
app.UseStaticFiles();
app.UseRouting();
app.UseCors();
Hi @daowdos ,
It's described in the documentation, I think I read it right.
Hi, Ok I'm sorry,
Because my other GET fetch method in JavaScript is working perfectly fine with these above CORS setting.
I don't know why, what should I do now.
Ty
Hi @daowdos ,
You can try to install the cors node module and add it to the requested server.
npm install cors
inside the main scripts index.js or app.js
const cors = require("cors");
app.use(cors());
Best regards,
Lan Huang
Because I change the order of app.UseCors() and UseStaticFiles()
I get this ERROR and not a single function ASP.net is working now -
system.InvalidOperationException: Endpoint ToeWebApplication.Controllers.GamesController.GetGameStatistics (ToeWebApplication) contains CORS metadata, but a middleware was not found that supports CORS.
Configure your application startup by adding app.UseCors() in the application startup code. If there are calls to app.UseRouting() and app.UseEndpoints(...), the call to app.UseCors() must go between them.
I don't have app.UseEndpoints(...)
Install npm install cors with the order mention in the docs will still give error.
Many npm packages I installed only cause my project not to start - full of errors,
So I need to know why exactly I install this,
I much prefer not to install and to solve this issue with cod.
Hi @daowdos ,
Make sure you place the UseCors code between app.UseRouting(); and app.UseAuthentication();
CORS configuration and coding is server side only. The browser implements the client side. the npm CORS modules are for node based web servers (connect/express).
the asp.net min api configures app.UseEndpoints() automatically.