EP 15: What is CORS (Cross-Origin Resource Sharing) and how to enable it in .NET Core 6.0?
In today’s newsletter we are going to discuss:
What is CORS
Different available methods
How to enable them with and without restrictions
Important things to keep in mind about CORS
What is CORS
CORS stands for Cross-Origin Resource Sharing. So what exactly is "cross origin"? Let’s understand it with some dummy URLs.
These two URLs have the same origin:
URL No 1: https://www.facebook.com/GetFriends
URL No 2: https://www.facebook.com/GetPosts
These two URLs have different origins:
URL No 1: https://www.facebook.com/GetFriends
URL No 2: https://www.twitter.com/GetFollowers
Suppose we have a .NET Core Web API that is responsible for data, and three different applications with different origins that use that API. This is where CORS comes into play. We need to enable CORS to:
Facilitate requests from different origins
Get around the browser's same-origin policy
Without CORS, browsers can't make cross-origin requests.
Different available methods
In .NET 6, we can combine these policy builder methods to enable CORS as needed.
AllowAnyOrigin: Allows requests from any origin.
WithOrigins: Allows requests from specific origins. You can specify one or more origins as arguments to this method.
AllowAnyHeader: Allows requests with any header.
WithHeaders: Allows requests with specific headers. You can specify one or more headers as arguments to this method.
AllowAnyMethod: Allows requests with any HTTP method (e.g., GET, POST, PUT, DELETE).
WithMethods: Allows requests with specific HTTP methods. You can specify one or more methods as arguments to this method.
How to enable them with and without restrictions
The following code demonstrates how to enable CORS and allow requests from any origin, with any header and any method, in Program.cs.
We can also restrict those requests to a few origins. The following code shows how to allow only GET/PUT requests from a few origins.
Instead of reading the policy name from appsettings, we can also pass a string literal directly, like:
options.AddPolicy(name: "_AllowAnyOriginPolicy", policy => policy.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod());
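The two configurations this section describes, written out side by side as an added example; it is not the newsletter's original listing. The config keys Cors:PolicyName and Cors:AllowedOrigins, the fallback policy name, the example origins and the allowed header list are assumptions.

```csharp
// Program.cs (.NET 6 minimal hosting). Added example, not the newsletter's own code.
// Hypothetical names: config keys "Cors:PolicyName" / "Cors:AllowedOrigins",
// the fallback policy name, and the example.com origins.
var builder = WebApplication.CreateBuilder(args);

// Policy name read from appsettings.json, with a literal fallback.
string policyName = builder.Configuration["Cors:PolicyName"] ?? "_RestrictedOriginsPolicy";

// An origin is scheme + host + port. Entries must not carry a path or a
// trailing slash, otherwise they never match the browser's Origin header.
string[] allowedOrigins =
    builder.Configuration.GetSection("Cors:AllowedOrigins").Get<string[]>()
    ?? new[] { "https://app.example.com", "https://admin.example.com" };

builder.Services.AddControllers();
builder.Services.AddCors(options =>
{
    // Without restrictions: any origin, any header, any method.
    // Registered here only for contrast; it is not applied below.
    options.AddPolicy(name: "_AllowAnyOriginPolicy", policy =>
        policy.AllowAnyOrigin()
              .AllowAnyHeader()
              .AllowAnyMethod());

    // With restrictions: only the listed origins, only GET and PUT.
    // The header list is an assumption; a JSON PUT triggers a preflight
    // that asks for Content-Type, so it has to be allowed explicitly.
    options.AddPolicy(name: policyName, policy =>
        policy.WithOrigins(allowedOrigins)
              .WithMethods("GET", "PUT")
              .WithHeaders("Content-Type", "Authorization"));
});

var app = builder.Build();

app.UseHttpsRedirection();
app.UseRouting();
// UseCors must run after UseRouting and before UseAuthorization.
app.UseCors(policyName);
app.UseAuthorization();
app.MapControllers();

app.Run();
```

Only the policy passed to UseCors takes effect globally; a request from an origin outside the list still reaches the API, but the response carries no Access-Control-Allow-Origin header, so the browser withholds it from the calling script.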
Important things to keep in mind about CORS
✔️ CORS is not a security feature. CORS is a W3C standard that allows a server to relax the same-origin policy.
✔️ An API isn't safer by allowing CORS.