These two URLs have the same origin:
πππππ://ππ-ππππΎ-ππ-π£.πΌππ/π¦πΎπ/π§πΊππππΊπ¬πΊππΊππΊ
πππππ://ππ-ππππΎ-ππ-π£.πΌππ/π¦πΎπ/π π
π
π¨ππΆπΎπ
π
These URLs have different origins
πππππ://ππ-ππππΎ-ππ-π£.πΌππ/π¦πΎπ/π§πΊππππΊπ¬πΊππΊππΊ
ππππ://ππ-ππππΎ-ππ-π£.ππΎπ/π¦πΎπ/π π
π
π¨ππΆπΎπ
π
To facilitate requests from different origins you need to enable CORS in .NET.
In .NET 6 by using the combination of these methods you can enable CORS as per your requirement.
ππ₯π₯π¨π°ππ§π²ππ«π’π π’π§: This policy allows requests from any origin.
ππ’ππ‘ππ«π’π π’π§π¬: This policy allows requests from specific origins. You can specify one or more origins as arguments to this method.
ππ₯π₯π¨π°ππ§π²ππππππ«: This policy allows requests with any header.
ππ’ππ‘ππππππ«π¬: This policy allows requests with specific headers. You can specify one or more headers as arguments to this method.
ππ₯π₯π¨π°ππ§π²ππππ‘π¨π: This policy allows requests with any HTTP method (e.g., GET, POST, PUT, DELETE).
ππ’ππ‘ππππ‘π¨ππ¬: This policy allows requests with specific HTTP methods. You can specify one or more methods as arguments to this method.
Few Things to Keep in mind
βοΈCORS is not a security feature. CORS is a W3C standard that allows a server to relax the same-origin policy.
βοΈAn API isn't safer by allowing CORS.
βοΈIt's a way for a server to allow browsers to execute a cross-origin request that otherwise would be forbidden.
βοΈBrowsers without CORS can't do cross-origin requests.
Top comments (0)