How to enable cross origin requests in ASP.NET MVC [duplicate]

Question

I am trying to create a web application which works with cross-origin requests (CORS) in MVC 5. I have tried everything without any result.

With an attribute

public class AllowCrossSiteJsonAttribute: ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
            filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");

        base.OnActionExecuting(filterContext);
    }
}

With EnableCors attribute

 [EnableCors("*")]

Nothing works I'm starting to think that it is impossible

Have you read the samples: asp.net/web-api/overview/security/… — Sami Kuhmonen
– Sami Kuhmonen, Commented Oct 17, 2016 at 5:47
I found the solution in this post : forums.asp.net/post/5795304.aspx — manuelmejiaio
– manuelmejiaio, Commented Jun 14, 2018 at 20:06

Yogi · Accepted Answer · 2016-10-17 06:41:29Z

68

Add the configuration setting in your web.config file to set the value for Access-Control-Allow-Origin in customHeaders like this -

<configuration>
 <system.webServer>
   <httpProtocol>
     <customHeaders>
       <add name="Access-Control-Allow-Origin" value="*" />
     </customHeaders>
   </httpProtocol>
 </system.webServer>
</configuration>

You would like to visit this and this for more details and some other options.

edited Oct 17, 2016 at 6:41

answered Oct 17, 2016 at 6:33

Yogi

9,8693 gold badges49 silver badges64 bronze badges

Sign up to request clarification or add additional context in comments.

2 Comments

Istiyak Over a year ago

it is showing the result like this: "from origin '127.0.0.1:8787' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status."

sports Over a year ago

In my case, I needed to set "Access-Control-Allow-Origin" with "*" as indicated in this answer, but.... I also needed to add this to my angularjs clientside $http call: headers: {'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8'}

Community · Accepted Answer · 2017-05-23 11:55:02Z

60

What I think is the most convenient is to create your own class like this :

with the following code in it :

using System;
using System.Web.Mvc;

public class AllowCrossSiteAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "http://localhost:4200");
        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Headers", "*");
        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Credentials", "true");

        base.OnActionExecuting(filterContext);
    }
}

After this it's let you use this decorator on a method or on the whole controller

You should be able to see that in your response header after this procedure

Thank's to this response

edited May 23, 2017 at 11:55

CommunityBot

11 silver badge

answered May 11, 2017 at 10:00

fitch

1,1041 gold badge11 silver badges17 bronze badges

2 Comments

Ibraheem Over a year ago

You should also include filterContext.RequestContext.HttpContext.Response.AddHeader("Vary", "Origin");

Ishara Samintha Over a year ago

but i got error as "EventSource's response has a MIME type ("application/json") that is not "text/event-stream". Aborting the connection"

Alex Nguyen · Accepted Answer · 2016-10-17 06:46:48Z

1

I think you have to add it into "OnAuthentication" step or add config into your web config. You can try my code :) it works

 public class AllowCrossSiteJsonAttribute : ActionFilterAttribute, IAuthorizationFilter
    {
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
        }

    }

edited Oct 17, 2016 at 6:46

answered Oct 17, 2016 at 6:34

Alex Nguyen

1,09012 silver badges28 bronze badges

Comments

PointZeroTwo · Accepted Answer · 2017-06-01 19:22:12Z

1

I've had success using the OWIN CORS implementation (nuget Microsoft.Owin.Cors) to enable Cors for MVC Controllers and Owin middleware, in addition to ApiControllers. Microsoft.AspNet.WebApi.Cors (using config.EnableCors() and the [EnableCors] attribute) only seems to work with ApiControllers.

See http://benfoster.io/blog/aspnet-webapi-cors for sample code.

answered Jun 1, 2017 at 19:22

PointZeroTwo

2,3641 gold badge18 silver badges17 bronze badges

1 Comment

Flo Over a year ago

Best answer if you don't want to use the wildcard '*'.

Rakesh Chaudhari · Accepted Answer · 2017-06-28 12:37:33Z

1

You can also use below code to allow cross-origin request

public void ProcessRequest (HttpContext context)
        {
     context.Response.AddHeader("Access-Control-Allow-Origin" , "*");
}

answered Jun 28, 2017 at 12:37

Rakesh Chaudhari

3,5461 gold badge32 silver badges26 bronze badges

2 Comments

Captain Kenpachi Over a year ago

Where does this code go?

Rakesh Chaudhari Over a year ago

inside global.asax file

Mostafiz · Accepted Answer · 2016-10-17 06:16:24Z

-2

Enabling CORS in mvc 5(core) first need to add Microsoft.AspNetCore.Cors package to your project. Then configure startup.cs like this for all website

public void ConfigureServices(IServiceCollection services)
 {
     services.AddMvc();
     //Add Cors support to the service
     services.AddCors();

     var policy = new Microsoft.AspNet.Cors.Core.CorsPolicy();

     policy.Headers.Add("*");    
     policy.Methods.Add("*");          
     policy.Origins.Add("*");
     policy.SupportsCredentials = true;

     services.ConfigureCors(x=>x.AddPolicy("AllPolicy", policy));

 }


 public void Configure(IApplicationBuilder app, IHostingEnvironment  env)
 {
     // Configure the HTTP request pipeline.

     app.UseStaticFiles();
     //Use the new policy globally
     app.UseCors("AllPolicy");
     // Add MVC to the request pipeline.
     app.UseMvc();
 }

and then also you can use like this

[EnableCors("AllPolicy")]

Details here

edited Oct 17, 2016 at 6:16

answered Oct 17, 2016 at 5:45

Mostafiz

7,3523 gold badges30 silver badges42 bronze badges

5 Comments

Petar Bechev Over a year ago

An error: EnableCors doesn't take origins parameter

Mostafiz Over a year ago

which version of asp.net mvc you are using ?

Mostafiz Over a year ago

ohh for 5 things are different, check out the link in my update

Mostafiz Over a year ago

check update, I have added for mvc 5

Anh Hoang Over a year ago

This solution is for .net core mvc, not suitable for mvc 5 (.net framework)

Hakan Fıstık · Accepted Answer · 2019-09-07 21:02:16Z

-6

To enable cross-origin requests, add the [EnableCors] attribute to your Web API controller or controller method:

[EnableCors(origins: "http://systematixindia.com", headers: "*", methods: "*")]
public class TestController : ApiController
{
   // Controller method`enter code here`s not shown...
}

3 Comments

daniil_ Over a year ago

Your solution is for Web Api, read the title of question! It doesn't work for MVC.

Omar Isaid Over a year ago

this code can be added for Global configuration public static class WebApiConfig { public static void Register(HttpConfiguration config) { // To do : Set at global place ex web.config EnableCorsAttribute corsConfig = new EnableCorsAttribute("", "", "GET,POST"); // Web API configuration and services config.EnableCors(corsConfig);

Kappacake Over a year ago

@OmarIsaid That class (WebAPIConfig.cs) is not there in MVC projects

Collectives™ on Stack Overflow

How to enable cross origin requests in ASP.NET MVC [duplicate]

7 Answers 7

2 Comments

2 Comments

Comments

1 Comment

2 Comments

5 Comments

3 Comments

Linked

Hot Network Questions

Collectives™ on Stack Overflow

7 Answers 7

2 Comments

2 Comments

Comments

1 Comment

2 Comments

5 Comments

3 Comments

Linked

Related