Skip to main content



Cross-Origin Requests (CORS) in ASP.NET Core Web API

This blog is going to explain what a Cross Origin Request (CORS) is and how to implement it in ASP.NET Core web API. When a web page tries to access resources from a different webpage it is blocked by the browser security feature. This feature is called the Same Origin Policy (SOP). In many cases the developer has to access resources of different origins. In such cases CORS helps to relax the Same Origin Policy. There are 3 ways to enable CORS in ASP.NET core. Middleware (name policy or default policy) Endpoint routing [EnableCORS] attribute Let’s see that with the example. Imagine you have an API which returns some JSON values. It’s URL is https://localhost:44351/api/Home. When trying to access another domain URL(https: // localhost: 44389 /) from the client page, it will give you the following error message. Access to XMLHttpRequest at 'https://localhost:44351/api/Home' from origin 'https://localhost:44389' has be

Latest Posts

Local Storage in Blazor using Blazored

JavaScript Interoperability in Blazor

Entity Framework Core (EF) with SQL Server LocalDB

SignalR with JavaScript in ASP.NET Core MVC

View-Based Authorization in ASP.NET Core

Policy-Based Authorization in ASP.NET Core

Startup Class in ASP.NET Core

In-Memory Cache in ASP.NET Core

ASP.NET Core Web API Documentation with Swagger

Role-Based Authorization in ASP.NET Core MVC