'The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time
im getting warning error saying
"Microsoft.AspNetCore.Cors.Infrastructure.CorsService|The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the policy by listing individual origins if credentials needs to be supported."
code controller
[Route("api/[controller]")]
[EnableCors("CorsPolicy")]
[ApiController]
public class MedPlusController : ControllerBase
{
}
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<Context>(options => options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors("CorsPolicy");
app.UseMvc();
}
Solution 1:[1]
If you implement authentication, change AllowAnyOrigin to WithOrigins like
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.WithOrigins("http://example.com")
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
If you would not use authenticaiton, you could remove .AllowCredentials() directly.
Refer Set the allowed origins
Solution 2:[2]
This is an example Startup.cs file an ASP.NET Core 3.1 API that supports CORS requests from any origin with credentials:
app.UseCors(x => x
.AllowAnyMethod()
.AllowAnyHeader()
.SetIsOriginAllowed(origin => true)
.AllowCredentials());
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Edward |
| Solution 2 | Ramin Azali |