CORS is a security feature that prevents malicious websites from making unauthorized requests to a different domain. ASP.NET Core provides an easy way to configure CORS for web applications by using the Microsoft.AspNetCore.Cors package. Developers can enable CORS for all origins, headers, and methods or configure CORS to only allow specific origins, headers, and methods.
An example of a CORS rules:
app.UseCors(builder =>
builder
.WithOrigins("http://domain.com")
.AllowAnyMethod()
.AllowAnyHeader());
To enable CORS in ASP.Net Core Web API, these are the steps we need to follow :-
- Install the CORS middleware.
- Register CORS middleware to the pipeline in the ConfigureServices method of Startup.cs.
- Enable CORS in the Configure method of Startup.cs.
- Enable/Disable CORS in the controllers, the action methods, or globally.