Asp.Net Core CORS and SSL

Question

My situation is my frontend is built with reactjs and my backend built with asp.net core 2.2

-frontend: https://example.com/sub-directory -with valid certificate

-backend: https://198.38.xx:5001 -windows server without a valid certificate

how can I communicate into my backend if my frontend requiring SSL I always got network error?

Startup.cs

services.AddCors(options =>
            {
                options.AddPolicy(MyAllowSpecificOrigins,
                builder =>
                {
                    builder
                    .WithOrigins("https://example.gov.ph", "http://example.gov.ph")
                    .AllowCredentials()
                    .AllowAnyHeader()
                    .AllowAnyMethod();
                });
            });

app.UseCors(MyAllowSpecificOrigins);

config.json my frontend code

{
  "apiUrl": "https://198.38.x.x:5001/api",
  "url": "https://198.38.x.x:5001",
  "profilePictureUrl": "https://198.38.x.x:5001/Public/Employees/Photos",
  "selectOptionLimit": 10,
  "fileSizeLimit": 10,
  "pageSize": 20,
  "gridSize": { "col": 4, "row": 3 }
}

Answer 1

When browsers make cross domain calls using XHR, they request CORS headers to decide whether the target server allows access to the source domain.

  public void ConfigureServices(IServiceCollection services)
    {
        // ...
        services.AddCors(options =>
        {
            options.AddPolicy("CorsPolicy",
                builder => builder.WithOrigins("https://example.com/sub-directory")
                    .AllowAnyMethod()
                    .AllowAnyHeader()
                    .AllowCredentials());
        });

        services.AddMvc();
        // ...

    }
    public void Configure(IApplicationBuilder app)
    {
        // ...
        app.UseCors("CorsPolicy");
        // ...
    }

Answer 2

You should be able to add that in your Startup class configuration

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    readonly string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddCors(options =>
        {
            options.AddPolicy(MyAllowSpecificOrigins,
            builder =>
            {
                builder.WithOrigins("https://example.com/sub-directory");
            });
        });

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseHsts();
        }

        app.UseCors(MyAllowSpecificOrigins); 

        app.UseHttpsRedirection();
        app.UseMvc();
    }
}

Asp.Net Core CORS and SSL

Question

2 answers

solution1
0 2019-10-16 08:01:16

solution2
-1 2019-10-16 07:13:57

Asp.Net Core CORS and SSL

Question

2 answers

solution1 0 2019-10-16 08:01:16

solution2 -1 2019-10-16 07:13:57

solution1
0 2019-10-16 08:01:16

solution2
-1 2019-10-16 07:13:57