Understanding CORS with ASP.NET Core C# 

Epic explanation! Gets directly into the golden collection 😍Thank you!

Well explained. I understand it a bit better now. I already knew how to fix the errors but this added a bit more depth to my understanding. I never saw it done the manual way before, it makes more sense. Thanks.

Thank you, thank you and thank you! Finally I got to understand this topic. Really well explained as always. Again thanks!

Another great well explained video. Thanks heaps for making it.

Very informative like no other. Thank you!

Well explained, one of the best video I have watched for CORS. Thanks for that.

Good explanation. Thank you

You are a god thank you. very nice video💙

Liked And Already Subscribed Bro

Nice clear overview! If you needed to dynamically apply CORS configuration based on the request (which origin, is the request authenticated, ect...) can this be done with the built-in ASPNET Core "UseCors" middleware or should this be a completely custom built middleware?

Thanks Anton for the awesome video how to load origins dynamically from database ?

are you reading my messages?? I literally just asked this question holy shi* man holy falgget blacakaty magati shiiii- Thank Yoouuuu

I have one question about the first part of the video. Unless I missed it, there was no preflight request for "Access-Control-Allow-Origin". Is it implicit? The server still has to first reply, and tell the browser that it allows CORS, right?

Still trying to figure out what CORS actually protects from: CORS is easily bypassed, for starters. As soon as you have the server set up to allow certain origins, methods, etc, then you no longer have the same security level (the session mechanism will be sent over just like normal). I don't get how this helps with security.

I have several POST endpoints in my controller, how can I allow CORS only for one of them and disallow it for others?

Thanks for well explained video, can I use CORS to allow or disallow calls to my APIs from mobile apps ? if yes How to do so ?

As someone not already familiar with CORS at this depth I found this a little too fast. Especially when it came to the allow credentials part where Creds and "cookies" seem to get conflated and from the point I was completely lost. Will have re-watch to see if I can unpick it.

I've been reading and looking around to understand CORS and I got a pretty good idea about it now. I have a problem where the preflight, when my webapi is deployed to the server, always returns a 401 Unauthorized. I'm calling the webapi from a vue-site installed on the same server but different site and port. I used the app.useCors but it still didn't work when deployed. So then I expliclty put the headers for allowing origins but I still get the 401 from the preflight/OPTIONS request. In chrome I don't see the allow-origins header on for the options request and the console says the header is missing but I know for a fact that I send it. So I don't understand why the 401?? Oh, and all GET requests work just fine, it's the preflight with OPTIONS that get the 401.. Anyone has any idea about how to solve it?

That minimal api apps are very confusing - I'm missing the part where OtherApp is calling an API. EDIT: Nvm - fetching a server app from otherapp console does this.

First 😄