CORS error from API
pdelcogliano opened this issue · 3 comments
I'm sorry, but I don't have a ton of information. I've been given access to source code with little to no knowledge available to understand how it works.
SUMMARY
I am getting CORS errors in the browser when calling any JsonAPI endpoint.
DETAILS
The Web app, a React SPA, is calling my API. Within my API I am calling JsonAPI to make additional REST calls. The application is hosted in Azure as an App Service and sits behind Azure FrontDoor. I've modified the App Service to allow all origins (*) and still receive a CORS error in the browser. I do not understand why this error occurs despite allowing all origins.
I'm stuck at the moment and hope someone has come across this issue in the past. Any insights will be invaluable.
VERSIONS USED
- JsonApiDotNetCore version:
- ASP.NET Core version: 8
- Entity Framework Core version:
- Database provider: Azure SQL
Hi @pdelcogliano, thanks for reaching out. I'm not deeply familiar with CORS, but issues related to it haven't been reported here before.
I'm afraid you'll need to dig a little deeper to identify which system is misbehaving. Here are some links that may help:
- https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/troubleshoot-cross-origin-resources
- https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
- https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-8.0
I'm not saying you should, but if you're adding CORS in the JSON:API project, ensure that UseCors() is called before UseJsonApi().
Fur further analysis, I'd recommend using a tool like Postman or an .http file in VS to send GET/POST/PATCH/OPTIONS requests with the headers a browser sends, then verify whether the response is correct according to the HTTP spec. This way you can inspect preflight as well. You can use the GettingStarted project in this repo, which uses an auto-created Sqlite database and is easy to deploy. Then test with/without FrontDoor, locally/remote etc. to gain insights and identify which system causes the problem. Hope that helps.
Hi @pdelcogliano, have you been able to get to the bottom of this? Do you need this issue to remain open?
Closing due to lack of response.