Aspnetcore.docs: What is the purpose of parameterless AddCors method?
I can register cors services without configuring policies:
services.AddCors()
What actually happens under the covers?
Could you add the explanation to this article, please?
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 59bca5db-1196-2a8b-a0d8-4e89b2382288
- Version Independent ID: d3f332c4-4c60-039e-0e1e-bc6b11831f87
- Content: Enable Cross-Origin Requests (CORS) in ASP.NET Core
- Content Source: aspnetcore/security/cors.md
- Product: aspnet-core
- GitHub Login: @Rick-Anderson
- Microsoft Alias: riande
voroninp
All 11 comments
Via https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-2.2#enable-cors-with-attributes
You need to add a policy.
Rick-Anderson
on 8 Mar 2019
@Rick-Anderson Sorry, but it didn't become clearer =(
There are overloads for both UseCors and AddCors methods which do not accept any parameters. In code snippets AddCors is always called with policies configifuration. UseCors is called differently.
voroninp
on 8 Mar 2019
@pranavkm what's the purpose of register cors services without configuring policies:
services.AddCors()
It's meant for scenarios where the application specifies a custom policy provider that isn't backed by CorsOptions.
pranavkm
on 8 Mar 2019
@Rick-Anderson , would be nice to capture that in docs ;-)
voroninp
on 8 Mar 2019
@pranavkm OK if I add that to the doc?
Rick-Anderson
on 8 Mar 2019
Writing a custom policy provider isn't common and we don't expect most users to write one. AddCors is just as usable if you separately register the options type later. It's also usable if you write middleware that expects users to separately configure CORS. There could be others I'm not aware of.
I'd be happy to entertain documenting it if it were part of a coherent document that says if you were doing this scenario and happen to require CORS, here's what you would need to do. But adding docs that says you might use this overload in these non-exhaustive cases is helpful to anyone.
pranavkm
on 8 Mar 2019
Thanks @pranavkm . This issue is very discoverable and will serve as the documentation.
Rick-Anderson
on 9 Mar 2019
@Rick-Anderson
In ConfigureServices I an write:
services.AddCors(options =>
{
options.AddDefaultPolicy(builder => builder.AllowAnyOrigin().AllowAnyMethod());
});
and in Configure:
app.UseCors(builder => builder.AllowAnyOrigin().AllowAnyMethod());
I still do not get how do these calls relate to each other. They seem to do the same thing. Or not?
voroninp
on 11 Mar 2019
@voroninp you're calling AllowAnyOrigin().AllowAnyMethod() off two different methods.
Rick-Anderson
on 11 Mar 2019
@Rick-Anderson ,
This discussion makes me feel like this guy =)
off two different methods?
Yes, UseCors and AddCors. But what is for what? How does semantic of these calls differ? In both cases I am working with PolicyBuilder. Which call do I need when?
voroninp
on 11 Mar 2019
Related issues
danroth27
·
3Comments
Rick-Anderson
·
3Comments
fabich
·
3Comments
davisnw
·
3Comments
AnthonyMastrean
·
3Comments
Most helpful comment
@Rick-Anderson ,
This discussion makes me feel like this guy =)
Yes,
UseCorsandAddCors. But what is for what? How does semantic of these calls differ? In both cases I am working withPolicyBuilder. Which call do I need when?