3,597 questions
with CORS the api defines the domains that are allowed to access. in you case you want the domain https://localhost:44354 to have access. this the value you want to register with CORS on your MVC site.
CORS Issue When Making POST Request from React Frontend to ASP.NET MVC API
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 87%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Mehak
40
Reputation points
I'm facing a CORS (Cross-Origin Resource Sharing) issue while trying to make a POST request from my React frontend to an ASP.NET MVC API. I've tried various solutions but haven't been able to resolve the problem. Here are the details of my setup and the issue I'm encountering:
Background:
- I have a React frontend application hosted on
https://localhost:44354. - I'm trying to make a POST request to an API endpoint hosted at
https://your-api-domain.com/Account/Login.
Issue Description:
When I make the POST request, I receive the following error message:
Access to XMLHttpRequest at 'https://your-api-domain.com/Account/Login' from origin 'https://localhost:44354' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
CORS Configuration:
- On the server-side (ASP.NET MVC), I've configured CORS as follows:
- In the
MvcApplicationclass, I've added the following line inApplication_Start()method:
var corsPolicy = new EnableCorsAttribute("https://your-api-domain.com/Account/Login", "", ""); GlobalConfiguration.Configuration.EnableCors(corsPolicy); On the client-side (React), I'm using theaxioslibrary to make the request:
- In the
const response = await axios.post(`${appDomain}/Account/Login`, {
email: username,
password: password,
}, {
headers: {
'Content-Type': 'application/json',
}
});
Network Information:
- I've tested the API request using different tools and encountered the same CORS issue consistently.
Browser Behavior:
- The issue occurs across different browsers, including Chrome, Firefox, and Edge.
Steps Taken:
- I've tried adding specific headers in the request as mentioned in various online resources, but the issue persists.
- I've also attempted adjusting the CORS configuration on the server-side and the client-side, but haven't been successful.
Any help or guidance would be greatly appreciated. If you need more information or code snippets, please let me know. Thank you in advance for your assistance!
Developer technologies ASP.NET Other
{count} votes
-
AgaveJoe 30,126 Reputation points2023-08-29T11:47:10.9366667+00:00 The response could be an error message and the code that produces the error message might not be CORS enabled. Try viewing the HTTP response in the browser's dev tools. You can get to the response in the Network tab. Click on the request that caused the CORS error and view the response.
I've tested the API request using different tools and encountered the same CORS issue consistently.
This detail is confusing since CORS only affects browsers. What other client tools did you use?
I've also attempted adjusting the CORS configuration on the server-side and the client-side, but haven't been successful.
You did not share the entire CORS configuration so we can't verify the configuration is correct.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 36%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELH%3C/text%3E%3C/svg%3E)
Lan Huang-MSFT 30,186 Reputation points Microsoft External Staff2023-08-30T06:52:18.2866667+00:00 Hi @Mehak,
From the code you've provided, it looks like you're not setting the headers.
public EnableCorsAttribute(string origins, string headers, string methods);**headers:**Comma-separated list of headers that are supported by the resource. Use "*" to allow all. Use null or empty string to allow none.
Sign in to comment
2 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Bruce (SqlWork.com) 77,686 Reputation points Volunteer Moderator2023-08-29T18:21:39.92+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 56.00000000000001%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Johan Smarius 470 Reputation points MVP2023-08-29T19:40:32.42+00:00 You added the wrong URL to the cors config. The WebAPI must specify which clients can connect to the API. So you probably need something like this.
var corsPolicy = new EnableCorsAttribute("https://localhost:44354", "**", "post*");
In this config, I also specified that only post methods are allowed to make the config more restrictive.