I implemented an ASP.NET API (.NET 8)
. All endpoints works as it should when I am debugging, but when I deploy this API into my local IIS, it throws me the following error:
Access to fetch at 'https://localhost:7162/Scene' from origin 'http://localhost:3001' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
This error only happens on HttpPut
and HttpDelete
endpoints and, as I said, when it is deployed into my local IIS.
I have configured my CORS policies like this:
app.UseCors(x => x
.AllowAnyHeader()
.AllowAnyMethod()
.SetIsOriginAllowed(origin => true)
.AllowCredentials());
If someone could help me on what could be happening, I will be very grateful.
Thanks everyone!
2
Answers
Make sure app.UseCors is called before app.UseAuthorization() and after app.UseRouting() in your Startup.cs. The order in which they appear is crucial
Also, In your web.config file, you might need to add specific settings to allow all headers or the ones necessary for your application to work.
You should add to web.config WebDAVModule and WebDAV in publish files like this: