asp.net-core Cross-Origin Requests (CORS) More sophisticated CORS policies
Example
The policy builder allows you to build sophisticated policies.
app.UseCors(builder =>
{
builder.WithOrigins("http://localhost:5000", "http://myproductionapp.com")
.WithMethods("GET", "POST", "HEAD")
.WithHeaders("accept", "content-type", "origin")
.SetPreflightMaxAge(TimeSpan.FromDays(7));
});
This policy only allows the origins http://localhost:5000 and http://myproductionapp.com with only the GET, POST and HEAD methods and only accepts the accept, content-type and origin HTTP headers. The SetPreflightMaxAge method causes the browsers to cache the result of the preflight request (OPTIONS) to be cached for the specified amount of time.
