How to fix "The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time" error

C#.Net CoreBlazor

C# Problem Overview

I've already enabled CORS on the project in C# .net Core

In startup.cs I've added lines

...
services.AddCors();
...
app.UseCors(builder => builder
    .AllowAnyOrigin()
    .AllowAnyMethod()
    .AllowAnyHeader()
    .AllowCredentials());

But when I try to use API in another Blazor project I see in logs in my API project on Host this error

> The CORS protocol does not allow specifying a wildcard (any) origin > and credentials at the same time. Configure the policy by listing > individual origins if credentials needs to be supported

My code in Blazor

using (HttpClient http = new HttpClient()) {
  http.DefaultRequestHeaders.Add("Authorization", "Token");
   var response = await http.GetStringAsync("https://example.com?prm=2");
   Console.WriteLine(response);
   dynamicContent = response;
}

Before I enable Cors I see another error in the browser console

What can I change for solving it?

C# Solutions

Solution 1 - C#

I had the same issue and I removed AllowCredentials() that fixed the issue for me.

Solution 2 - C#

You should have provided the rest of your code... Is this a Blazor client application or Razor Components application (formally known as Server-Side Blazor) ? I guess this is a Blazor client application, right ? Why do you instantiate an HttpClient ? You should use DI (Perhaps Constructor Injection) instead, injecting an HttpClient instance provided by Blazor itself.

The problem is probably server side, though it surfaces as a client one... Try the following:

Get https://www.nuget.org/packages/Microsoft.AspNetCore.Cors/

public void ConfigureServices(IServiceCollection services)
{
    services.AddCors(options =>
    {
        options.AddPolicy("CorsPolicy",
            builder => builder.AllowAnyOrigin()
                .AllowAnyMethod()
                .AllowAnyHeader());
    });
     .....
}

And this:

public void Configure(IApplicationBuilder app, IHostingEnvironment env)    
{
      app.UseCors("CorsPolicy");
}

Note, once again: CORS needs to be enabled on the server side, not in blazor. See https://docs.microsoft.com/en-us/aspnet/core/security/cors for details on how to enable CORS in ASP.NET Core.

Blazor:

 @page "/<template>"
 @inject HttpClient Http
 

@functions {
   
    protected override async Task OnInitAsync()
    {
        var response= await Http.GetJsonAsync<string>    
                      ("https://example.com?prm=2");
   
    }
    
}

Hope this helps...

Solution 3 - C#

It's little bit late, but I hope it could be helpful for someone.

If you want AllowCredentials() and AllowAnyOrigin() together just use SetIsOriginAllowed(Func<string,bool> predicate)

doc about IsOriginAllowed

        services
            .AddCors(options =>
            {
                options.AddPolicy("CorsPolicy",
                    builder => builder
                    .AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowAnyHeader()
                    );

                options.AddPolicy("signalr",
                    builder => builder
                    .AllowAnyMethod()
                    .AllowAnyHeader()

                    .AllowCredentials()
                    .SetIsOriginAllowed(hostName => true));
            });

Solution 4 - C#

I also faced same issue, and I found solution here:

Setup Any Origin And Any Credentials

Change your CORS setup in startup.cs file like this

public void ConfigureServices(IServiceCollection services)
{
    // ...
    services.AddCors(options =>
    {
    	options.AddDefaultPolicy(builder => 
            builder.SetIsOriginAllowed(_ => true)
            .AllowAnyMethod()
            .AllowAnyHeader()
            .AllowCredentials());
    });
}

It works for me.

Solution 5 - C#

Step 1 Install nuGet package :
Microsoft.AspNetCore.Cors

Step 2 add

services.AddCors();

in startup.cs under ConfigureServices

Step 3 add

    app.UseCors(x => x
                .AllowAnyMethod()
                .AllowAnyHeader()
                .SetIsOriginAllowed(origin => true) // allow any origin
                .AllowCredentials());

in startup.cs under Configure

Solution 6 - C#

You cannot use both AllowAnyOrigin() and AllowCredentials() at the sametime so change your code to:

...
services.AddCors();
...
app.UseCors(builder => builder
    .WithOrigins("https://example.com")
    .AllowAnyMethod()
    .AllowAnyHeader()
    .AllowCredentials());

Solution 7 - C#

I had the same issue, the problem was solved by removing slash( / ) from the ending of URL, because I always copy and paste urls from chrome browser and it has the / at the end :

  .WithOrigins("https://localhost:60576/")  // not working

but

  .WithOrigins("https://localhost:60576")  // working  !!!
Categories
Recommended C# Solutions
Recommended .Net Core Solutions
Recommended Blazor Solutions

Previous Solution:

Why `downlevelIteration` is not on by default?

Typescript

Next Solution:

Bundler: can't find gem bundler (>= 0.a) with executable bundle (Gem::GemNotFoundException) during bundle install with gem

Ruby on-RailsRubyRubygemsBundleBundler

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionIgor CovaView Question on Stackoverflow
Solution 1 - C#NicoView Answer on Stackoverflow
Solution 2 - C#enetView Answer on Stackoverflow
Solution 3 - C#Constantine NikolskyView Answer on Stackoverflow
Solution 4 - C#Kurniawan PrasetyoView Answer on Stackoverflow
Solution 5 - C#B.NishanView Answer on Stackoverflow
Solution 6 - C#Mohamed AnasView Answer on Stackoverflow
Solution 7 - C#nAviDView Answer on Stackoverflow