Understanding CORS with ASP.NET Core C#

Epic explanation! Gets directly into the golden collection 😍Thank you!

rustamhajiyev

Great work ! Keep it up. Really appreciable !

READBOOKIQBAL

Well explained. I understand it a bit better now. I already knew how to fix the errors but this added a bit more depth to my understanding. I never saw it done the manual way before, it makes more sense. Thanks.

newmonengineering

Well explained, one of the best video I have watched for CORS. Thanks for that.

fdyreog

Another great well explained video. Thanks heaps for making it.

stephenadams

Thank you, thank you and thank you! Finally I got to understand this topic. Really well explained as always. Again thanks!

col_rod

Nice clear overview! If you needed to dynamically apply CORS configuration based on the request (which origin, is the request authenticated, ect...) can this be done with the built-in ASPNET Core "UseCors" middleware or should this be a completely custom built middleware?

seangwright

Very informative like no other. Thank you!

meetingattender

Still trying to figure out what CORS actually protects from: CORS is easily bypassed, for starters. As soon as you have the server set up to allow certain origins, methods, etc, then you no longer have the same security level (the session mechanism will be sent over just like normal). I don't get how this helps with security.

davestorm

Thanks Anton for the awesome video
how to load origins dynamically from database ?

Tamer_Ali

I have one question about the first part of the video. Unless I missed it, there was no preflight request for Is it implicit? The server still has to first reply, and tell the browser that it allows CORS, right?

gti

You are a god thank you. very nice video💙

fjoeclj

I have several POST endpoints in my controller, how can I allow CORS only for one of them and disallow it for others?

vdrychyk

That minimal api apps are very confusing - I'm missing the part where OtherApp is calling an API. EDIT: Nvm - fetching a server app from otherapp console does this.

kpg

As someone not already familiar with CORS at this depth I found this a little too fast. Especially when it came to the allow credentials part where Creds and "cookies" seem to get conflated and from the point I was completely lost. Will have re-watch to see if I can unpick it.

codingbloke

are you reading my messages?? I literally just asked this question holy shi* man holy falgget blacakaty magati shiiii- Thank Yoouuuu

ahmedifhaam

I've been reading and looking around to understand CORS and I got a pretty good idea about it now. I have a problem where the preflight, when my webapi is deployed to the server, always returns a 401 Unauthorized. I'm calling the webapi from a vue-site installed on the same server but different site and port. I used the app.useCors but it still didn't work when deployed. So then I expliclty put the headers for allowing origins but I still get the 401 from the preflight/OPTIONS request. In chrome I don't see the allow-origins header on for the options request and the console says the header is missing but I know for a fact that I send it. So I don't understand why the 401?? Oh, and all GET requests work just fine, it's the preflight with OPTIONS that get the 401.. Anyone has any idea about how to solve it?

SergeiFedorov

Thanks for well explained video, can I use CORS to allow or disallow calls to my APIs from mobile apps ? if yes How to do so ?

marwanalakrass