CORS how to allow preflight requests with IIS Express VS Debugger and with credentials (authentication)

I have enabled CORS as follows

Program.cs

builder.Services.AddCors();

var app = builder.Build();
 
app.UseRouting();

app.UseCors(x => x.AllowAnyMethod().AllowAnyHeader().AllowCredentials().SetIsOriginAllowed(origin => true));
 
app.UseAuthentication();

Client

const axiosClient = axios.create({
   baseURL: configuration.apiUrl,
   headers: { "Content-type": "application/json" },
   withCredentials: true });

Server (LaunchSettings.json)

 "CustomProfile": {
      "commandName": "IISExpress",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development",
        "ASPNETCORE_HOSTINGSTARTUPASSEMBLIES": "Microsoft.AspNetCore.SpaProxy"
      }
    },
  "iisSettings": {
    "windowsAuthentication": true,
    "anonymousAuthentication": false,
    "iisExpress": {
      "applicationUrl": "http://localhost:60737",
      "sslPort": 44358
    }
  }

When I call

// Get records list
axiosClient.get('records').then((res: AxiosResponse) => res.data)

I get Status Code 200 with the data and the user was authenticated at the backend.

But when I call

// Create new record
axiosClient.post('record', createCommand).then((res: AxiosResponse) => res.data)

I get following error message

Access to XMLHttpRequest at 'https://localhost:44358/api/records' from origin 'https://localhost:44414' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

any idea what might be wrong and how to fix it?

Recommended topics

Hot tags