How to fix "The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time" error
C#.Net CoreBlazorC# Problem Overview
I've already enabled CORS on the project in C# .net Core
In startup.cs
I've added lines
...
services.AddCors();
...
app.UseCors(builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
But when I try to use API in another Blazor
project I see in logs in my API project on Host this error
> The CORS protocol does not allow specifying a wildcard (any) origin > and credentials at the same time. Configure the policy by listing > individual origins if credentials needs to be supported
My code in Blazor
using (HttpClient http = new HttpClient()) {
http.DefaultRequestHeaders.Add("Authorization", "Token");
var response = await http.GetStringAsync("https://example.com?prm=2");
Console.WriteLine(response);
dynamicContent = response;
}
Before I enable Cors I see another error in the browser console
What can I change for solving it?
C# Solutions
Solution 1 - C#
I had the same issue and I removed AllowCredentials()
that fixed the issue for me.
Solution 2 - C#
You should have provided the rest of your code... Is this a Blazor client application or Razor Components application (formally known as Server-Side Blazor) ? I guess this is a Blazor client application, right ? Why do you instantiate an HttpClient ? You should use DI (Perhaps Constructor Injection) instead, injecting an HttpClient instance provided by Blazor itself.
The problem is probably server side, though it surfaces as a client one... Try the following:
Get https://www.nuget.org/packages/Microsoft.AspNetCore.Cors/
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader());
});
.....
}
And this:
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseCors("CorsPolicy");
}
Note, once again: CORS needs to be enabled on the server side, not in blazor. See https://docs.microsoft.com/en-us/aspnet/core/security/cors for details on how to enable CORS in ASP.NET Core.
Blazor:
@page "/<template>"
@inject HttpClient Http
@functions {
protected override async Task OnInitAsync()
{
var response= await Http.GetJsonAsync<string>
("https://example.com?prm=2");
}
}
Hope this helps...
Solution 3 - C#
It's little bit late, but I hope it could be helpful for someone.
If you want AllowCredentials()
and AllowAnyOrigin()
together just use SetIsOriginAllowed(Func<string,bool> predicate)
services
.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
);
options.AddPolicy("signalr",
builder => builder
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials()
.SetIsOriginAllowed(hostName => true));
});
Solution 4 - C#
I also faced same issue, and I found solution here:
Setup Any Origin And Any Credentials
Change your CORS setup in startup.cs file like this
public void ConfigureServices(IServiceCollection services)
{
// ...
services.AddCors(options =>
{
options.AddDefaultPolicy(builder =>
builder.SetIsOriginAllowed(_ => true)
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
}
It works for me.
Solution 5 - C#
Step 1
Install nuGet package :
Microsoft.AspNetCore.Cors
Step 2 add
services.AddCors();
in startup.cs under ConfigureServices
Step 3 add
app.UseCors(x => x
.AllowAnyMethod()
.AllowAnyHeader()
.SetIsOriginAllowed(origin => true) // allow any origin
.AllowCredentials());
in startup.cs under Configure
Solution 6 - C#
You cannot use both AllowAnyOrigin()
and AllowCredentials()
at the sametime
so change your code to:
...
services.AddCors();
...
app.UseCors(builder => builder
.WithOrigins("https://example.com")
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
Solution 7 - C#
I had the same issue, the problem was solved by removing slash( / ) from the ending of URL, because I always copy and paste urls from chrome browser and it has the / at the end :
.WithOrigins("https://localhost:60576/") // not working
but
.WithOrigins("https://localhost:60576") // working !!!