Plesk Question posted in
The official documentation for Plesk Obsidian can be found here.

.NET Core CORS policy block – Plesk

There are two applications on the iis server, one is react with the front end and the other is the back end. web api works as a subdomain. forexample, api.mydomain.com.

I get the following error when I send a web api request from the front end.

Access to XMLHttpRequest at ‘https://api.mydomain.com/api/auth/login’
from origin ‘https://.mydomain.com’ has been blocked by CORS policy:
Response to preflight request doesn’t pass access control check: No
‘Access-Control-Allow-Origin’ header is present on the requested
resource.

        services.AddCors(options =>
        {
            options.AddPolicy("AllowOrigin",
                builder => builder.WithOrigins("https://*.mydomain.com").AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials());
        });

app.UseCors("AllowOrigin");

Do I need to change IIS settings, where should I change?

SOLUTION:

  1. First of all, set all the cors settings from web config to "*".
  2. Second, turn off modsecurity from the plesk panel.
Tags:

2

Answers


  1. 0

    If you are hosting your web application on IIS you need to let IIS know about the cors Policy as well.

    you have to edit your web config as explained here:

    https://enable-cors.org/server_iis7.html

    Login or Signup to reply.
  2. 0

    implemented in version 2.0.0

    options.AddPolicy("MyCorsPolicy",
       builder => builder
          .SetIsOriginAllowedToAllowWildcardSubdomains()
          .WithOrigins("https://*.mydomain.com")
          .AllowAnyMethod()
          .AllowCredentials()
          .AllowAnyHeader()
          .Build()
       );
    app.UseCors("MyCorsPolicy");

    https://learn.microsoft.com/fr-fr/dotnet/api/microsoft.aspnetcore.cors.infrastructure.corspolicybuilder.setisoriginallowedtoallowwildcardsubdomains?view=aspnetcore-2.2

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search