CORS Policy in ASP.NET with identity
Question
I published API to IIS server and everything works fine despite of one function:
Error only shows up when we test a function on localhost, but if i use postman everything work. That is the only place in my code where i use Cors:
What can i do to allow sendind request on localhost?
1 answers
solution1
0 2021-07-23 08:50:56
It works through postman because CORS is a browser implementation thing. Which is also why some calls might work through older IE versions. Postman does not check the CORS header and thus does not care.
CORS is to prevent XSS (I believe).
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS is great reading on the subject.
Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources.
So basically it is telling you that the token service does not allow you to call it cross-origin.
CORS is a response header that the browser checks.
- Browser sends request to token service
- Token service responds.
- Browser checks if CORS is allowed.
- No.
- Fail the "request".
TLDR; CORS is a response header, that the browser checks for whether or not to allow the response to go through to you. The header must be set by the service you are calling.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.