Aspnetcore.docs: Confused about how to set up CORS based on this document
I don't understand how to enable cors based on this document. There is a headline that says "Enable CORS" and then under it, it says: "Call AddCors in Startup.ConfigureServices:". And then, under that, is another headline that says "Enabling CORS with middleware" and then says "To enable CORS..." So which is it? Do I need to only do the first headline? Or do I need to do the first headline AND the second one? Or is the second one a different path than the first? I feel like these options don't provide a clear path to follow. So this article could be re-organized to say, "if you want to do it this way, follow this path", and "if you want to do it this other way, follow this other path", and "these options apply no matter which path you follow". But right now it seems that we've chosen to go all directions at once.
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 59bca5db-1196-2a8b-a0d8-4e89b2382288
- Version Independent ID: d3f332c4-4c60-039e-0e1e-bc6b11831f87
- Content: Enable Cross-Origin Requests (CORS) in ASP.NET Core
- Content Source: aspnetcore/security/cors.md
- Product: aspnet-core
- GitHub Login: @Rick-Anderson
- Microsoft Alias: riande
rhires
All 6 comments
Hello @rhires ... _Do both._ The CORS services must be added to the service collection and the middleware has to be triggered in the request processing pipeline. The basic pattern for ASP.NET Core framework-provided middleware scenarios is that an .AddXXXXX extension method is called to add the services to the container (AddCors in this case) in ConfigureServices. Then at some point in the pipeline (in Configure), the middleware is triggered in processing a request with a .UseXXXXX call (UseCors in this case). That's a standard pattern that you'll see over-and-over.
The reason these latter topics pertaining to each framework capability don't provide additional information is that the topics in the Fundamentals area cover the basics. We hope that devs access that content before getting into these specific scenario topics.
guardrex
on 3 Sep 2018
Thank you! Is this little bit that you wrote in the docs somewhere? Knowing that pattern in the concise way you explained is really helpful.
And to your point about the rest - I found this document through a google search (of course ;-) ) and I do know some of this stuff, but hadn't sussed out the pattern as you describe it.
Thanks again!
PS should this remain open since you've added it to the backlog?
rhires
on 4 Sep 2018
this little bit that you wrote in the docs somewhere
It's in those links, especially the first two.
Yes, let's leave this open for a sec for discussion.
@Rick-Anderson @scottaddie Do you feel that in many/most places where our reference topics describe adding services and adding middleware to the pipeline (especially the middleware-focused topics) we should link to those two App startup sections? If so, you can raise the priority and assign this to me if you want on the backlog. If not, we can close.
guardrex
on 4 Sep 2018
I'll let @scottaddie make the call.
Rick-Anderson
on 4 Sep 2018
@guardrex I recommend some small organizational changes in the doc. Enabling CORS with middleware and Enabling CORS in MVC should be sections within "Enable CORS". The gerunds should be removed from the headings as well. There should be lead-in text at the end of the Enable CORS section that explains the following sections represent different approaches to take.
scottaddie
on 6 Sep 2018
@scottaddie I'll add the updates to https://github.com/aspnet/Docs/pull/8420.
guardrex
on 6 Sep 2018
Related issues
royshouvik
·
3Comments
wgutierrezr
·
3Comments
madelson
·
3Comments
Rick-Anderson
·
3Comments
AnthonyMastrean
·
3Comments