RESTFUL Web Services based on .NET Core 3.1 getting blocked Access to XMLHTTPRequest has been blocked by CORS Policy on IIS 10.0 windows server 2019

Ram Chenna 101 Reputation points
2021-11-24T08:39:33.217+00:00

RC
Ram ChennaCreated on November 24, 2021
RESTFUL Web Services based on .NET Core 3.1 getting blocked Access to XMLHTTPRequest has been blocked by CORS Policy on IIS 10.0 windows server 2019
Hello Team,

We are having a REACT web application hosted on IIS 10.0 and which is calling the RESTFUL Web Services based on .NET Core 3.1.

The RESTFUL Web Services are also hosted on IIS 10.0 on IIS10.0 within Windows Server 2019.

When we reach the very first page of the REACT application it calls a RESTFUL Web Service API to Get some data from the database.

It gives us a message that

Access to XMLHTTPRequest has been blocked by CORS Policy on IIS 10.0.: No 'Access-Control-Allow-Origin header is present on the requested resource.

Adding the screenshot as well

Image

What is it that the IIS 10.0 on Windows 2019 Server issue and why is it blocking and i am unable to complete the web service request.

Tried everything for the past 1 week and getting frustrated over this.

Any help provided would be good .

Thanks

Ram

Internet Information Services
0 comments No comments
{count} votes

Accepted answer
  1. Ram Chenna 101 Reputation points
    2021-11-25T17:13:46.753+00:00

    Hello Bruce and SamWu,

    The issue is resolved as we checked via the Developer toolkit and the Swagger. We checked the API if it is working, this is where it was connecting to an incorrect database outside of the domain to a different environment and that is where it was blocking.

    We corrected the database connection string within the appsettings.json and it is now working fine.

    We can now close the issue

    Thanks for your support and help.

    Thanks
    Ram

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Bruce (SqlWork.com) 52,401 Reputation points
    2021-11-24T15:55:21.957+00:00

    There are two common causes

    First your restful api did not implement CORS support for the react site

    https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-6.0

    Or the restful site is returning the error page, which does not implement CORS

    Use the browsers network debugging to determine.

    0 comments No comments

  2. Sam Wu-MSFT 6,701 Reputation points Microsoft Vendor
    2021-11-25T02:01:11.523+00:00

    @Ram Chenna

    Have you tried to enable cors in iis? if not, you can try to add header information into web.config at the root of your application/site:

    <system.webServer>  
          <httpProtocol>  
            <customHeaders>  
              <add name="Access-Control-Allow-Origin" value="*" />  
              <add name="Access-Control-Allow-Headers" value="Content-Type" />  
              <add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />  
             <add name="Access-Control-Allow-Credentials" value="true" />  
            </customHeaders>  
          </httpProtocol>  
      </system.webServer>  
    

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.