From the course: ASP.NET: Security
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Enabling CORS in ASP.NET Web API
- [Instructor] In our application, we also have one cross-domain call in our main layout page, which is the basis for all the pages in our app. query our Temperature API. But, unfortunately, it's a cross-domain call, You can validate this in the browser. If you open up the F12 tools, go to the console, we see that, yeah, access to an XMLHTTPRequest was blocked due to CORS. And if you go to the network tab, actually, let me zoom out before we do this, and then filter by XMLHTTPRequests, the request to temperature, I mean, if we load it directly in the browser, it works. Right? But if we have a look at the headers, we see that the request headers include the origin that has automatically be set, was sent to the browser, again was sent to the server, but no Access-Control-Allow-Origin comes back. And therefore, this cross-domain call doesn't work, yet. If you want to use CORS in ASP.NET on the server side, basically we are talking about Web API because it only makes sense if you have…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
(Locked)
OWASP Top 103m 36s
-
(Locked)
Cross-site scripting (XSS): The attack5m 10s
-
(Locked)
Cross-site scripting (XSS): The defense4m 18s
-
(Locked)
Cross-site scripting (XSS) in JavaScript5m 19s
-
(Locked)
Same-origin policy and CORS5m 12s
-
(Locked)
Enabling CORS in ASP.NET Web API6m 20s
-
(Locked)
SQL injection with ADO.NET3m 56s
-
(Locked)
SQL injection with Entity Framework3m 32s
-
(Locked)
Fixing SQL injection4m 27s
-
(Locked)
Cross-Site Request Forgery (CSRF)4m 40s
-
(Locked)
Defending against CSRF4m 24s
-
(Locked)
-
-
-
-