asp.net-core Cross-Origin Requests (CORS) Enable CORS policy for all controllers
Example
To enable a CORS policy across all of your MVC controllers you have to build the policy in the AddCors extension within the ConfigureServices method and then set the policy on the CorsAuthorizationFilterFactory
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Cors.Internal;
...
public void ConfigureServices(IServiceCollection services) {
// Add AllowAll policy just like in single controller example.
services.AddCors(options => {
options.AddPolicy("AllowAll",
builder => {
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
});
});
// Add framework services.
services.AddMvc();
services.Configure<MvcOptions>(options => {
options.Filters.Add(new CorsAuthorizationFilterFactory("AllowAll"));
});
}
public void Configure(IApplicationBuilder app) {
app.useMvc();
// For content not managed within MVC. You may want to set the Cors middleware
// to use the same policy.
app.UseCors("AllowAll");
}
This CORS policy can be overwritten on a controller or action basis, but this can set the default for the entire application.
