(index):1 Access to fetch at 'https://login.microsoftonline.com/xxxxxxxxxxxx-xxxxxxxxx-xxxx-xxxx-xxxxxxxxxx/oauth2/token' from origin 'https://xxxx.azurewebsites.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control
check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Member
120 Points
758 Posts
Swagger Web API Cors error
Nov 13, 2019 11:25 AM|micnie2020|LINK
Hi All,
I am using Client Credential Method.
I having error:-
(index):1 Access to fetch at 'https://login.microsoftonline.com/xxxxxxxxxxxx-xxxxxxxxx-xxxx-xxxx-xxxxxxxxxx/oauth2/token' from origin 'https://xxxx.azurewebsites.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
May I know what wrong?
Startup.cs
services.AddCors(options =>
<div> services.AddSwaggerGen(c =></div> <div> {</div> <div> c.SwaggerDoc("v1", new Info { Title = "My API", Version = "v1" });</div> <div> c.AddSecurityDefinition("oauth2", new OAuth2Scheme</div> <div> {</div> <div> Type = "oauth2",</div> <div> Flow = "application",</div> <div> TokenUrl = $"https://login.microsoftonline.com/{Configuration["AzureAd:TenantId"]}/oauth2/token",</div> <div> Scopes = new Dictionary<string, string></div> <div> {</div> <div> { "user_impersonation", "Access XXX" }</div> <div> }</div> <div> });</div> <div> </div> <div> c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>></div> <div> {</div> <div> { "oauth2", new[] { "user_impersonation" } }</div> <div> });</div> <div> });</div>{
options.AddPolicy("SiteCorsPolicy", builder => builder
.WithOrigins(
"http://localhost:8080",
"https://localhost:8080",
"http://localhost:4200",
"https://localhost:4200",
"https://xxx.azurewebsites.net")
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
app.UseCors("SiteCorsPolicy");
portal.azure.com >App Services > My Web API > Cors >[v tick] Enable Access-Control-Allow-Credentials
Allowed Origin: I added:-
https://xxx.azurewebsites.net
Please advise. What's is the step missing.
Thanks
Regards,
Micheale