No video :(

Cross-Origin Requests (CORS) in ASP.NET Core | Getting Started With ASP.NET Core Series

Подписаться 32 тыс.

Просмотров 19 тыс.

50% 1

Hello friends, Browser security prevents a web page from making requests to a different domain than the one that served the web page. This restriction is called the same-origin policy. The same-origin policy prevents a malicious site from reading sensitive data from another site.
Sometimes, you might want to allow other sites to make cross-origin requests to your application. This is usually when you have an API hosted independently and your different web applications talking to the API. In such scenarios, we need to enable CORS support on the API, so that the web application can call it.
In this video, let's learn about CORS, how it works, how to enable it in ASP NET API. I will show to how to simulate a CORS error in ASP NET Single Page Application and then add the appropriate configuration to ease the browser policies using CORS.
CORS is not a security feature, It is a W3C standard to relax same-origin policy. However if configured incorrectly CORS can cause potential issues to your application. Make sure to be explicit about the origins that can interact with the API that you are building.
🔗Source Code - Source Code: rahulpnath.vis...
🔗Enable CORS in ASP NET Core - docs.microsoft...
🔗Migrate from ASP.NET Core 2.2 to 3.0 - docs.microsoft...
Additional Watching
📹SINGLE PAGE APPLICATION (SPA) TEMPLATES in ASP.NET Core - • SINGLE PAGE APPLICATIO...
📹DEPENDENCY INJECTION in ASP.NET Core - • DEPENDENCY INJECTION i...
📹MIDDLEWARE in ASP.NET Core - • MIDDLEWARE in ASP.NET ...
📹ASP NET Core Series - • ASP.NET Core
Come say hi! ✋
🌍 Blog - rahulpnath.com/
✉ Subscribe to my Newsletter - www.rahulpnath...
🐦Twitter - / rahulpnath
📸Instagram - / rahulpnath
🎥 Recording Setup and Workflow - www.rahulpnath...
Video Edited by my wife, Parvathy 😍
Make sure to SUBSCRIBE to the channel. THANK YOU for helping me grow this channel !!

Опубликовано:

5 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 96

@RahulNath 3 года назад

My lovely wife, Parvathy decided to help me with the video editing this time. Sound off in the comments if you have any feedback.

@ChandimaChathura1990 3 года назад

Ha ha she did a nice job !

@RahulNath 3 года назад

@@ChandimaChathura1990 Thank you. I'll pass it on 😀

@wisnu7734 2 года назад

You choose a right woman to become your wife...hi rahul i want ask something...is my website secure from CSRF attack when i only Disable CORS and not implement AntiForgeryToken.. ?????

@moivile 2 года назад

Please make all the subtitles in your videos available.

@RahulNath 2 года назад

@@moivile I haven’t explicitly disabled it - but have been relying on RU-vid autogenerating. But sometimes it has trouble with my accent and skips generating it all together. Is there any specific area that you found it hard to follow ? Happy to clarify

@aikidoshi007 3 года назад

That is a brilliant summary of CORS, very clear and straight to the point. Good job.

@RahulNath 3 года назад

Glad you think so. Thank you Steve! I am sure you will like other videos in this series ru-vid.com/group/PL59L9XrzUa-nqfCHIKazYMFRKapPNI4sP

@vidittyagi9872 3 года назад

one of the finest content I have come across. I have subscribed your channel. Thank you so much.

@RahulNath 3 года назад

Thank you Vidit and glad you are liking it. The full ASP NET Core Series is here ru-vid.com/group/PL59L9XrzUa-nqfCHIKazYMFRKapPNI4sP. Do let know if you have any topic suggestions.

@radhagobindamishra4649 Год назад

I had watched many videos and tutorials but still I was never able to understand the CORS concept until I watched this video. Thanks a lot Rahul.

@RahulNath Год назад

Glad to hear that Radha! Do check out the full series here bit.ly/asp-net-core-series

@bhavyashah8847 3 года назад

I have been using cors in my asp.net core application to fetch requests from Angular. Nice explanation! Today, I got to know more about cors.

@RahulNath 3 года назад

Thank you Bhavya and glad you found it helpful!

@DjHomerr 10 месяцев назад

Absolutely love this series, as well as this video! Finally someone explaining cors in details and also addressing the misconception when people say that it is a security feature. Hope to see more videos on .NET 8 and the new things that come with it!

@RahulNath 8 месяцев назад

Glad you like them! Planning to do some videos on .NET 8 soon.

@anuragnair1784 3 года назад

Your videos have been a great source of learing and have helped me a lot in my professional career. Wanted to thank you all the efforts you take and the knowledge you share.

@RahulNath 3 года назад

Thank you Anurag and Glad to hear that. Do let know in case you have any video suggestions!

@parveensharma9806 3 года назад

Great learning experience with you. Thanks for this to the point video.

@RahulNath 3 года назад

Thank you Praveen. Happy you are liking these videos.

@starman9000 3 года назад

Hey Rahul, Nice content again! recently i have moved to Salesforce, but i keep coming to see .net content to your vlog! great work again, Besafe.

@RahulNath 3 года назад

Thank you Jay for coming back to watch videos here and good luck with Salesforce 😀

@raagasongs 3 года назад

Thanks Rahul..It helps me better understanding of CORS Policy.

@RahulNath 3 года назад

Thank you Rajesh. Do let know any other topics of interest and I'll try and cover them

@androidsavior Год назад

you are so brilliant, this is the best video ever for CORS

@RahulNath Год назад

Wow, thank you! Hope you are enjoying the other videos in this series bit.ly/asp-net-core-series

@mindflow3017 Год назад

that is very helpful

@RahulNath Год назад

Glad it is! You can check out the full series here bit.ly/asp-net-core-series

@rohithajare5133 2 года назад

Hi Rahul, You are simply awesome man. I appreciate your efforts and passion for the technology

@RahulNath 2 года назад

So nice of you Rohit and happy these are helping. I guess you are enjoying the full series bit.ly/asp-net-core-series

@LamLe-cl4he 2 года назад

Thanks for your video, very clear!

@RahulNath 2 года назад

Glad it was helpful! Do check out the full series here bit.ly/asp-net-core-series

@LamLe-cl4he 2 года назад

@@RahulNath sure, thanks

@naylenjohanarodriguez674 Год назад

your content is just priceless. thanks and keep going

@RahulNath Год назад

Glad you enjoy it! Hope you are enjoying the full series bit.ly/asp-net-core-series

@anurag3487 3 года назад

very well explained. Cheers. I learnt the pre-flight call.

@RahulNath 3 года назад

Glad it helped Anurag!

@dhivyadharshini8765 2 года назад

Such a clean content! Impressed sir! Subscribed!

@RahulNath 2 года назад

Thank you Dhivya. Hope you are liking the full series bit.ly/asp-net-core-series And you can call me Rahul 🙂

@malayaprasadlenka9088 2 года назад

Awesome explanation 👍👍

@RahulNath 2 года назад

Glad you liked it! Do check out the full series here bit.ly/asp-net-core-series Do let me know in case you get to watch it 😀

@TridentEnjoyer 3 года назад

I really appreciate the tutorials it helped me a lot in my problems.

@RahulNath 3 года назад

Great to know that 😀

@enriquecs 3 года назад

thanks for the information dude, it was really helpful!

@RahulNath 3 года назад

Glad you liked it, Enrique!

@codemonkey2614 2 года назад

You are the boss!

@RahulNath 2 года назад

Happy it helped George. Do check out the full series here, I am sure you'll like them bit.ly/asp-net-core-series

@codemonkey2614 2 года назад

@@RahulNath Yes, please add more tutorials. You are a great teacher!

@RahulNath 2 года назад

@@codemonkey2614 Sure will do - Do drop in if you have any suggestions on topics to be covered

@reinhardheydrich314 3 года назад

thank you so much , you are a life saver ty

@RahulNath 3 года назад

Glad it helped!

@lakshanmadubashika3248 2 года назад

super

@RahulNath 2 года назад

Thank you Lakshan!

@callegarip 3 года назад

Excellent explanation. Gracias!

@RahulNath 3 года назад

Thank you Victor and happy it helped you. Also check out the other videos in this series ru-vid.com/group/PL59L9XrzUa-nqfCHIKazYMFRKapPNI4sP I am sure you will love it!

@ethicalit5072 2 года назад

thanks

@RahulNath 2 года назад

Welcome!

@usravan 3 года назад

Great video. Thank you.

@RahulNath 3 года назад

Thank you Saravan. Do check out the full series, if you haven't already ru-vid.com/group/PL59L9XrzUa-nqfCHIKazYMFRKapPNI4sP

@LatinoTropico 2 года назад

Excellent video Rahul. Thank you. I am new to CORS and like most thought it was necessary in my API for security reasons. Question: do I need to use CORS as a security feature if a hacker finds a way to access my API from a different domain? If I do not use CORS at all in my API, will the standard HTTPS security be enough to stop such a hack? In my case, my API is only accessible from one domain and no other domains have access to that domain, due to other internal system security measures. So I should be ok not to use CORS?

@amitamit6564 Год назад

Here we have specified localhost:3000 in allow origin. This is for running locally but what if I deploy my code on production using Azure then how would I handle CORS? As you told there are few ways by which we can handle. 1. Replacing value localhost:3000 with the actual url 2. Putting the URLs which want to allow in appsettings Is there anything which we can do in Azure devops and will it take precedence over my code. Please pardon my limited knowledge if I am unable to explain my question

@gouthamk378 3 года назад

Hey Rahul! The way you explain is really awesome and thanks! So I was using devops as just a code repository before, but know we are integrating pipeline and release! Could you please do a video on getting connecting strings and app settings from web app service for a asp.net core web api! Do we have to change code to do so or will changing the configuration in azure portal will work! Thanks again, keep going!

@RahulNath 3 года назад

Hey Goutham, Thank you and glad you liked the video. I have a full series on Azure DevOps here ru-vid.com/group/PL59L9XrzUa-m7AFDgjWuwm6exyCklc03U You can also refer to this specific playlist which shows release varilables and web apps - ru-vid.com/group/PL59L9XrzUa-kVJWbLMTJRJLpEGGq0YSg6 Let know if that helps and you have any additional question.

@callegarip 3 года назад

Thanks for the video. Question... So my CORS setup works when I run the app from VS in debug mode (IIS Express). I published my app to my Local IIS and now I am getting CORS error. What do I need to do in order to make it to work with Local IIS? In advance thank you!

@RahulNath 3 года назад

Maybe this? docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-5.0&WT.mc_id=AZ-MVP-5003875#cors-in-iis Let me know if you are able to solve the issue.

@aah134-K 2 года назад

I have a weird behavior, Trying to call cors but it include a cookie with authorization, Set-cookie not allowed with cors that has a star, So i added exact host but not working

@pedroferreira9234 3 года назад

When i publish to IIS the cors from .net doesn't work, do you have a solution for that? Great video.

@RahulNath 3 года назад

Still facing the issues or were you able to resolve this? Are you running into any of the issue here? github.com/dotnet/aspnetcore/issues/2232

@ChandimaChathura1990 3 года назад

Same issue. Have you resolved this?

@mukundanp9301 3 года назад

👍 from kottayam

@RahulNath 3 года назад

നന്ദി 😁

@DoDucQuangHE Год назад

excuse me, why i installed ASPnetCore.Cors already, in 17:08 its not recommend [EnableCors]. Still Cors blocked

@RahulNath Год назад

Hope you resolved your issue?

@mayureshs80 3 года назад

Will you have something with React and API with JWT

@RahulNath 3 года назад

Yes Mayuresh, I am working on the demo and the script for it. Should be there some time soon. A bit more work with it than the other videos

@mandardesai3841 3 года назад

Hey thanks but after adding cors policy i still get error when i deploy on server when i try in local environment (web api and client side app locally testing)its work perfect but when i access web api from server i got cors policy error is there need extra when deploying web api on server for cors related

@RahulNath 3 года назад

Did you set up the configuration correctly? What is the error that you get?

@mandardesai3841 3 года назад

@@RahulNath Access to fetch at 'XXX.XXX.XXX' from origin 'localhost:25031' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. this is error when i hit local machine(web api and app both on local machine) everything working great but when i host web api on server i got above error

@ChandimaChathura1990 3 года назад

Hello brother did you resolve this? I face the same thing. It's getting really crucial for me. Have you got this resolved?

@mandardesai3841 3 года назад

@@ChandimaChathura1990 in my project at that time I used blazor web assembly solution but I didn't fix this issue and blazor web assembly solution creates more prb on the older browser so I neglect that approach and went to blazor server-side project template and after basic CORS setting I never got this issue everything working fine

@ChandimaChathura1990 3 года назад

@@mandardesai3841 Thanks for the update bro. I got it fixed, actually a workaround not the best solution. I added the CORS at a lower level specifically controller level. It worked that way. But I know it's not very appropriate but I was kinda in an urgent so it helped for me.

@FlorinAsavei 2 года назад

Does Cors apply to api to api calls or just browser calls?

@RahulNath 2 года назад

It applies for browser. You can read the associated blog post here www.rahulpnath.com/blog/asp_net_core_cors_demystified/ . Hope that helps

@FlorinAsavei 2 года назад

@@RahulNath thank you for the response Rahul, I was thinking about implementing CORS to limit what APIs can call each other but it seems like it's not the best solution for this

@RahulNath 2 года назад

@@FlorinAsavei CORS is not a security feature, so you can’t use for that. You should use role based access for that and restrict APIs. (Token based etc)

@FlorinAsavei 2 года назад

@@RahulNath thank you Rahul! I will look into that as well.

@kalpeshblue2 3 года назад

First

@RahulNath 3 года назад

Frist! 😀

@ChandimaChathura1990 3 года назад

Hello Rahul I tried all these methods to add CORS policy and all worked fine. But after deployed on iis server the cors is not working and in postman the cors headers are not returning. What could be the reason?

@RahulNath 3 года назад

are there any IIS level CORS config set up that is overriding the code level setting?

@ChandimaChathura1990 3 года назад

@@RahulNath I just enabled iis and it's fresh start with iis defaults settings. I will double check if there is any. I saw a module called iis cors need to be installed but the same issue came on a different server which already is running other apps.

@ChandimaChathura1990 3 года назад

@@RahulNath Got it fixed with adding the CORS in controller level for the time being. Need to dig for a proper solution though. Thanks for the response Rahul!

@RahulNath 3 года назад

@@ChandimaChathura1990 Glad you sorted it out.

@wisnu7734 2 года назад

You choose a right woman to become your wife...hi rahul i want ask something...is my website secure from CSRF attack when i only Disable CORS and not implement AntiForgeryToken.. ?????

@RahulNath 2 года назад

Thank you! In short - No. This SO link should answer your question. security.stackexchange.com/questions/97825/is-cors-helping-in-anyway-against-cross-site-forgery Let me know if you have further questions.