In this video, learn how to add the CORS middleware to an ASP.NET Core API, and how to configure it properly depending on the policy you need.
- [Instructor] If you've decided that your API does need cors, adding it to the asp.net core pipeline is simple. In startup.cs, go down to the configure services method and we'll add services.AddCors. And we'll specify some options. We'll do options.AddPolicy to create a cors policy. Then we'll specify a string name, we'll just call this AllowMyApp. This can be any name you want. Then to build the policy, we'll say policy.WithOrigins and we'll specify the applications origin here.
This is the browser origin that'll be making requests. During development, sometime it can be useful to change this out for .AllowAnyOrigin just while you're doing testing. When you move to production, you should remove any of these any wildcard settings and lock down cors to just the origins that you need to use. Don't forget down in the configure method we also need to add it here. We need to say app.UseCors. And specify the name of that policy which we said was AllowMyApp.
It's important that UseCors is above any middle wear that generates a response such as UseNVC. If you need more help with cors there's plenty of documentation available on the asp.net cor documentation site at docs.asp.net.
Author
Released
9/21/2018- What is RESTful design?
- Building a new API with ASP.NET Core
- Using HTTP methods
- Returning JSON
- Creating RESTful routing with templates
- Versioning
- Securing RESTful APIs with HTTPS
- Representing resources
- Representing links
- Representing collections
- Sorting and searching collections
- Building forms
- Adding caching to an ASP.NET Core API
- Configuring user authentication and authorization
Skill Level Intermediate
Duration
Views
Related Courses
-
Designing RESTful APIs
with Keith Casey1h 24m Intermediate -
API Testing and Validation
with Keith Casey1h 13m Intermediate -
Deploying ASP.NET Core Applications
with Nate Barbettini1h 1m Intermediate
-
Introduction
-
1. REST API Concepts
-
What is REST?2m 37s
-
REST vs. RPC3m 24s
-
HTTP methods5m 4s
-
Full and partial updates1m 47s
-
Returning JSON2m 4s
-
The Ion hypermedia type1m 25s
-
-
2. Build a Basic API
-
Create a new project1m 20s
-
Configure MVC1m 45s
-
Create a root controller2m 46s
-
Test with Postman1m 13s
-
Introduction to OpenAPI1m 17s
-
Add NSwag to the project2m 28s
-
-
3. Versioning and Errors
-
Approaches to API versioning1m 52s
-
Add versioning support2m 45s
-
Serialize exceptions as JSON4m 11s
-
-
4. Secure the API
-
Require HTTPS3m 11s
-
How CORS works3m 1s
-
Add CORS middleware1m 33s
-
5. Represent Resources
-
Create a resource class2m 19s
-
Load data from configuration1m 35s
-
Set up an in-memory database2m 22s
-
Create data model classes1m 44s
-
Map models automatically3m 47s
-
-
6. Represent Links
-
Create a Link class4m 48s
-
Rewrite Links with a filter9m 47s
-
Rewrite resource HREFs4m 4s
-
-
7. Represent Collections
-
Add pagination7m 37s
-
8. Sorting Collections
-
Add sort attributes4m 28s
-
Validate sort parameters6m 58s
-
Add a default sort term3m 18s
-
9. Searching Collections
-
Add search attributes3m 35s
-
Validate search parameters7m 42s
-
Extend search to other types5m 21s
-
Add comparison operators3m 30s
-
10. Forms and Modifying Data
-
Forms in Ion1m 32s
-
Create a POST action13m 32s
-
Delete a resource3m 25s
-
Serialize the form metadata3m 54s
-
-
11. Caching and Compression
-
Compress responses1m 36s
-
How HTTP caching works4m 20s
-
Support the ETag header5m 7s
-
Add server-side caching3m 48s
-
-
12. Authentication and Authorization
-
Authentication for REST APIs3m 21s
-
Add Identity4m 51s
-
Add a test user3m 21s
-
Create a users collection5m 45s
-
Add OpenIddict4m 12s
-
Add a token endpoint2m 6s
-
Create a UserInfo route5m 28s
-
More about OpenID Connect2m 59s
-
Authorization using policies5m 19s
-
Conclusion
-
Next steps59s
-
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.
CancelTake notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Add CORS middleware