skip to Main Content

I’m getting the following CORS Error when using PUT or DELETE requests.

getting this cors error in chrome

When i use POST or GET, requests are working whitout any problems.
On localhost all requests types are working, even there are different domains used as well.

Already checked the following:

  • Simplified the Rules as much as possible (AllowAny…)
  • Checked the Middleware order according to the official Documentation

But still no sucess.

Does anybody has a hint on this?

My Program.cs

   var builder = WebApplication.CreateBuilder(args);

//Adding Cors default plicy with almost no requirements
builder.Services.AddCors(options =>
{
    options.AddDefaultPolicy(
        policy =>
        {
            policy.AllowAnyOrigin();
            policy.AllowAnyMethod();
            policy.AllowAnyHeader();
        });
});


builder.Services.AddControllers();

builder.Services.AddSwaggerGen(c =>
{
    //Swagger config removed for stackoverflow
});

builder.Services.AddDbContext<ApplicationDbContext>(options =>
{
   //Db Context options removed for stackoverflow
});

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
{
    //Authentication options removed for stackoverflow
});

builder.Services.AddHttpContextAccessor();

//adding repositories and services removed for stackoverflow
//builder.Services.AddScoped....    
//builder.Services.AddSingleton...

var app = builder.Build();

//seed database
using (var scope = app.Services.CreateScope())
{
    //database seeding removed for stackoverflow
}

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.ConfigureExceptionHandler();

app.UseHttpsRedirection();
app.UseRouting();

//After Routing, before Authorization
app.UseCors();


app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();

app.Run();

2

Answers


  1. Chosen as BEST ANSWER

    After a few investigations and communication with my webhoster, i found the problem as well as a solution for it:

    IIS will activate the WebDav Module, wich disables PUT and DELETE requests. To get your requests running could disable WebDav directly in IIS. But at every restart of the application pool WebDav will be enabled again.

    See here as well: https://fantinel.dev/dotnet-core-405-error/

    So what i did, is to add a web.config file to my .net core api and disabled WebDav there. After this, CORS is working like a charm.

    <system.webServer>
      <modules runAllManagedModulesForAllRequests="false">
        <remove name="WebDAVModule" />
      </modules>
    </system.webServer>
    

  2. I’ve looked in our WASM application we build last year. In there I see this:

            app.UseAuthentication();
    
            app.UseCors(policy =>
                    policy.AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowAnyHeader());
    
            app.UseAuthorization();
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search