The Enabling Cross-Origin Resource Sharing (CORS) standard allows a web server to relax the same-origin policy that prevents a browser from sending API requests to domains other than that of the web application. Browsers enforce the same-origin policy to protect their users from many kinds of attacks that attempt to send data to other sites.Â
In ASP.NET Core, it's very easy to configure the domains that are allowed to use your API, and the type of HTTP methods they can use.Â
First, add the CORS middleware by adding these lines to the ConfigureServices method in your Startup class:
public void ConfigureServices(IServiceCollection services)
{
service.AddCors()
}
Than, configure the CORS policy in your Startup.Configure method. For example, the following code shows how you can configure your web application to allow requests...