In appsettings.json
{
"Cors": {
"default": {
"Methods": [ "GET", "POST" ],
"Origins": [ "http://www.example.com" ]
},
"AllowAll": {
"Headers": ["*"],
"Methods": ["*"],
"Origins": ["*"],
"SupportsCredentials": false
}
}
}Note: See CorsPolicy documentation to see which properties to use
Note: Setting SupportsCredentials with a Wildcard (*) Origin is not supported by the specification and will not work!
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
//Replaces the use of services.AddCors()
services.AddCorsPolicies(Configuration);
/// ...
// Add framework services.
services.AddMvc();
/// ...
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseCors("AllowAll");
}
else
{
app.UseCors();
// or
app.UseCors("<my named cors policy>");
}
/// ...
app.UseMvc();
}