Login/Register
The Same Origin Policy disallows reading the remote resource
Asked Answered
Solved javascriptsslfirefoxcorsasp.net-core-2.0
A

2

9

I am getting a problem with possibly Cors. I am doing local dev(react frontend, asp.net core 2 api backend).

Both IE 11 and Chrome have no problem, but Firefox has a problem with my requests.

I just keep getting "Network Error" from my calls.

I disabled "HSTS" in firefox and now I am seeing a "warning message"

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:44391/api/tokens/auth. (Reason: CORS request did not succeed).

In my cor right now to make dev simple I just have

public void ConfigureServices(IServiceCollection services)
{
   services.AddCors();
    ...
}




 public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
                  app.UseCors(builder => builder
                .AllowAnyOrigin()
                .AllowAnyMethod()
                .AllowAnyHeader()
                .AllowCredentials());
}
Avalanche answered 19/7, 2018 at 17:41 Comment(0)
U
26

I had the same issue, but it turned out that the CORS error was a bit of a red herring. I opened the Developer Console in Firefox, clicked on the Options request under Network and then went to the security tab. I saw the following:

An error occurred mozilla_pkix_error_self_signed_cert

I fixed this by going to the Properties for my .Net Core app in Visual Studio. I selected Debug from the menu on the left hand side. There was a checkbox on the page called Enable SSL along with a URL (https://localhost:44358/ in my case). I browsed to this page in Firefox, got a warning page, added a security exception for it and everything worked as expected after that.

If you don't see the warning page clear your cache as per the suggestions here: Certificate Issue

University answered 17/8, 2018 at 4:1 Comment(9)
Yep, had to add an exception to my certs in FF(support.mozilla.org/en-US/questions/1204169) and put in my https localhost url in.Avalanche
Wow you weren't kidding about the CORS red herring, so many hours wasted. Going to my https endpoint and accepting the risk in Firefox has resolved this. Thanks!Sidero
Thank you. This was getting very annoying trying to fix a supposedly CORS error while developing an Angular application.Holocrine
My god i spent way too long on this. What a misleading crap! Here I was messing with .UseCors options when in reality it's just firefox being a lil bitch. All I had to do to confirm this was the error before going into this was to open up my localhost on Chrome instead.Laudanum
Brilliant! I had exactly the same issue, and went on the same wild goose chase. Thank you for your answer including the Visual Studio reference.Aggress
This error message is pretty confusing. I opened a Firefox ticket.Koweit
Note BTW: if you've hit such an issue with Firefox, what can help is finding the broken request in network panel and clicking "open in new tab". When there's a TLS certificate issue, when opening the URL in the top level, you will see it there, contrary to the console.Koweit
for people looking for how to: it.nmu.edu/docs/adding-security-exception-your-browser Just go to the url you're trying to fetch from and accept the security risksCongruency
I'm getting the same but the certificate is valid.Ordination
A
0

I had a similar but different red herring "CORS" issue with Firefox that may be worth noting. I'm using the js-based Google Places address auto-complete. It worked fine in local and our QA environment, but wasn't in our newly deployed production environment.

After an embarrassing amount of time spent searching, checking, and going after settings and security, I came to realize that Firefox's uBlock Origin extension was not yet exempted for our PROD environment/domain. Disabled uBlock and things were fine. So watch out for ad blockers messing with it.

Ardyth answered 13/11, 2023 at 18:16 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.