Gateway CORS Policy

[yusuffaslann]

Is there an existing issue for this?

• [X] I have searched the existing issues

Description

When I try to start the project via IIS I get cors policy error on the gateway.When I send a request using Swagger and Postman to the link where I get the Cors policy, it works fine.

Reproduction Steps

No response

Expected behavior

No response

Actual behavior

No response

Regression?

No response

Known Workarounds

No response

Version

7.0.3

User Interface

Angular

Database Provider

EF Core (Default)

Tiered or separate authentication server

Separate Auth Server

Operation System

Windows (Default)

Other information

No response

[maliming]

hi

When I try to start the project via IIS I get cors policy error on the gateway.

This is a CROS problem instead of ABP. You can check below links:

https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-8.0 https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-8.0#cors-in-iis

[yusuffaslann]

Do I need to create a proxy configuration file for Angular?

[maliming]

I'm not sure, You can refer to the Microsoft document.

[yusuffaslann]

I found the solution,

In all services, gateway and auth server the problem was solved when I configured the service methods to allow all cors as follows.

--gateway-- old

var builder = WebApplication.CreateBuilder(args); builder.Services.AddReverseProxy() .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy")); var app = builder.Build(); app.MapReverseProxy(); app.Run();

new var builder = WebApplication.CreateBuilder(args); builder.Services.AddReverseProxy() .LoadFromConfig(builder.Configuration.GetSection("ReverseProxy")); builder.Services.AddCors(options => { options.AddPolicy("OpenCorsPolicy", builder => builder .AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader() .SetIsOriginAllowed(origin => true) .WithHeaders("x-requested-with", "Content-Type", "Authorization")); }); var app = builder.Build(); app.UseCors("OpenCorsPolicy"); app.MapReverseProxy(); app.Run();

--auth old context.Services.AddCors(options => { options.AddDefaultPolicy(builder => { builder .WithOrigins( configuration["App:CorsOrigins"] .Split(",", StringSplitOptions.RemoveEmptyEntries) .Select(o => o.RemovePostFix("/")) .ToArray() ) .WithAbpExposedHeaders() .SetIsOriginAllowedToAllowWildcardSubdomains() .AllowAnyHeader() .AllowAnyMethod() .AllowCredentials(); }); });

public override void OnApplicationInitialization(ApplicationInitializationContext context) { IdentityModelEventSource.ShowPII = true; var app = context.GetApplicationBuilder(); var env = context.GetEnvironment(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseAbpRequestLocalization(); if (!env.IsDevelopment()) { app.UseErrorPage(); } app.UseCorrelationId(); app.UseStaticFiles(); app.UseRouting(); app.UseCors(); app.UseAuthentication(); app.UseAbpOpenIddictValidation(); ...... }

new public override void ConfigureServices(ServiceConfigurationContext context) { context.Services.AddCors(options => { options.AddPolicy("OpenCorsPolicy", builder => builder .AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader() .WithAbpExposedHeaders() .SetIsOriginAllowed(origin => true) .WithHeaders("x-requested-with", "Content-Type", "Authorization")); }); }

public override void OnApplicationInitialization(ApplicationInitializationContext context) { IdentityModelEventSource.ShowPII = true; var app = context.GetApplicationBuilder(); var env = context.GetEnvironment(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseAbpRequestLocalization(); if (!env.IsDevelopment()) { app.UseErrorPage(); } app.UseCorrelationId(); app.UseStaticFiles(); app.UseRouting(); app.UseCors("OpenCorsPolicy"); app.UseAuthentication(); app.UseAbpOpenIddictValidation(); ..... }