CORS policy issue in .NET CORE

NovicaJosifovski · ‎06-21-2020

So I have a .net core app which currently throws an error in console saying:

Access to XMLHttpRequest at 'https://app.test.mk/arcgis/rest/services/karpos/Karpos_Vector_Izvodi/MapServer?f=json&dpi=96&transpa...' from origin 'https://localhost:44348' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'https://localhost:44348, *', but only one is allowed.

and this is what my Startup file looks like:

 public void ConfigureServices(IServiceCollection services)
 {
 services.AddCors(o => o.AddDefaultPolicy(builder =>
 {
 builder
 .WithOrigins("https://localhost:44348/", "https://app.gdi.mk/arcgis/rest/info?f=json",
 "Access-Control-Allow-Origin", "Access-Control-Allow-Credentials")
 .AllowAnyOrigin()
 .AllowAnyMethod()
 .AllowAnyHeader();
 }));
 services.AddControllersWithViews();
 services.AddRazorPages().AddNewtonsoftJson();
}

 // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
 public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 {
 if (env.IsDevelopment())
 {
 app.UseDeveloperExceptionPage();
 }
 else
 {
 app.UseExceptionHandler("/Home/Error");
 // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
 app.UseHsts();
 }
 app.UseCors();

 app.UseHttpsRedirection();
 
 app.UseStaticFiles();

 app.UseRouting();

 app.UseAuthorization();

 app.UseEndpoints(endpoints =>
 {
 endpoints.MapControllerRoute(
 name: "default",
 pattern: "{controller=Home}/{action=Index}/{id?}");
 });

 }
 }

and this is at the top of my View, in a script tag.

require(["esri/config"], function (esriConfig) {

 esriConfig.defaults.io.corsEnabledServers.push("http://app.test.mk");
 esriConfig.defaults.io.corsEnabledServers.push("https://localhost:44348/");
 // esriConfig.defaults.io.corsEnabledServers.push("http://app.test.mk/arcgis/rest/services/karpos/Karpos_Vector_Izvodi/MapServer");
 // esriConfig.defaults.io.corsEnabledServers.push("https://app.test.mk/arcgis/rest/services/karpos/Karpos_Vector_Izvodi/MapServer?f=json&dpi=96&transparent=true&format=png8");

 });

Anyone has any idea what the problem could be? I've been trying things for two days and the app keeps throwing the same error.

NovicaJosifovski · ‎06-23-2020

I actually figured out my issue, so I'll be posting here and maybe it'll help someone out in the future.

The issue with the CORS policy was that I was doing an $.ajax call and not specifying that the datatype is in JSON format. The browser doesn't like that, so the lack of datatype is considered a security risk by the browser and it blocks it. I did lose quite a bit of time to solve this but at least it's resolved.