I have a ASP.NET 5 Web API (Well, MVC now anyway) back-end which I am consuming in with the axios library in my JS app.
My CORS config in MVC is the following:
If you're using UseHttpsRedirection, make sure your app is calling the https URL and not the http one or you'll get a CORS error even though the Accept-Header-Allow-Origin header is returned.
You have to add Cors before MVC. The registration order of the middleware is important. If Cors is registered after mvc it will never be called. They are called in the order of registration.
Once cors process the request, it will pass it to next middleware (Mvc)
This is what worked for me as I was having the same problem with CORS in conjunction with axios.
Assuming that you have set up the API correctly and you have decorated the class in the API Controller with:
[EnableCors("YourCorsPolicy")]
(you will need to add the statement "using Microsoft.AspNetCore.Cors;" to your class too)
Then you need to use the following in your axios-auth.js file:
axios.defaults.headers.common['Access-Control-Allow-Origin'] = '*'
This then worked fine for me over https. This is my complete axios-auth if you need a guide.
import axios from 'axios'
const instance = axios.create({
baseURL: 'https://localhost:56799/api'
})
axios.defaults.headers.common['Access-Control-Allow-Origin'] = '*'
axios.defaults.headers.get['Accepts'] = 'application/json'
axios.defaults.headers.post['Content-Type'] = 'application/json; charset=utf-8'
export default instance
I hope this is useful.