Open Closed

CORS error at /api/abp/application-configuration #1083


User avatar
0
william@iwell.nl created
  • ABP Framework version: v4.2.2
  • UI type: Angular
  • DB provider: MongoDB
  • Tiered (MVC) or Identity Server Separated (Angular): yes / no
  • Exception message and stack trace:

Access to XMLHttpRequest at 'https://app-iwellportalapi-test.azurewebsites.net/api/abp/application-configuration' from origin 'https://app-iwellportalfe-test.azurewebsites.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

2021-03-23T14:23:38.161958372Z [14:23:38 INF] Request starting HTTP/1.1 GET http://app-iwellportalapi-test.azurewebsites.net/.well-known/openid-configuration - -
2021-03-23T14:23:38.162998333Z [14:23:38 INF] CORS policy execution failed.
2021-03-23T14:23:38.163009434Z [14:23:38 INF] Request origin https://app-iwellportalfe-test.azurewebsites.net does not have permission to access the resource.
2021-03-23T14:23:38.202722084Z [14:23:38 DBG] CORS request made for path: /.well-known/openid-configuration from origin: https://app-iwellportalfe-test.azurewebsites.net
2021-03-23T14:23:38.203473028Z [14:23:38 DBG] CorsPolicyService allowed origin: https://app-iwellportalfe-test.azurewebsites.net
2021-03-23T14:23:38.204043162Z [14:23:38 INF] CORS policy execution successful.
2021-03-23T14:23:38.222146133Z [14:23:38 DBG] Request path /.well-known/openid-configuration matched to endpoint type Discovery
2021-03-23T14:23:38.234305952Z [14:23:38 DBG] Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint
2021-03-23T14:23:38.234917188Z [14:23:38 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration
2021-03-23T14:23:38.235332913Z [14:23:38 DBG] Start discovery request
2021-03-23T14:23:38.263539382Z [14:23:38 INF] Request finished HTTP/1.1 GET http://app-iwellportalapi-test.azurewebsites.net/.well-known/openid-configuration - - - 200 - application/json;+charset=UTF-8 109.9435ms
2021-03-23T14:23:38.294173694Z [14:23:38 INF] Request starting HTTP/1.1 GET http://app-iwellportalapi-test.azurewebsites.net/.well-known/openid-configuration/jwks - -
2021-03-23T14:23:38.295129951Z [14:23:38 INF] CORS policy execution failed.
2021-03-23T14:23:38.295750187Z [14:23:38 INF] Request origin https://app-iwellportalfe-test.azurewebsites.net does not have permission to access the resource.
2021-03-23T14:23:38.317353966Z [14:23:38 DBG] CORS request made for path: /.well-known/openid-configuration/jwks from origin: https://app-iwellportalfe-test.azurewebsites.net
2021-03-23T14:23:38.323893753Z [14:23:38 DBG] CorsPolicyService allowed origin: https://app-iwellportalfe-test.azurewebsites.net
2021-03-23T14:23:38.323910253Z [14:23:38 INF] CORS policy execution successful.
2021-03-23T14:23:38.334096556Z [14:23:38 DBG] Request path /.well-known/openid-configuration/jwks matched to endpoint type Discovery
2021-03-23T14:23:38.344425167Z [14:23:38 DBG] Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryKeyEndpoint
2021-03-23T14:23:38.345388624Z [14:23:38 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryKeyEndpoint for /.well-known/openid-configuration/jwks
2021-03-23T14:23:38.345831250Z [14:23:38 DBG] Start key discovery request
2021-03-23T14:23:38.345841651Z [14:23:38 INF] Request finished HTTP/1.1 GET http://app-iwellportalapi-test.azurewebsites.net/.well-known/openid-configuration/jwks - - - 200 - application/json;+charset=UTF-8 48.4587ms
2021-03-23T14:23:38.385268984Z [14:23:38 INF] Request starting HTTP/1.1 GET http://app-iwellportalapi-test.azurewebsites.net/api/abp/application-configuration - -
2021-03-23T14:23:38.386149036Z [14:23:38 INF] CORS policy execution failed.
2021-03-23T14:23:38.386823176Z [14:23:38 INF] Request origin https://app-iwellportalfe-test.azurewebsites.net does not have permission to access the resource.
2021-03-23T14:23:38.446165787Z [14:23:38 DBG] CORS request made for path: /api/abp/application-configuration from origin: https://app-iwellportalfe-test.azurewebsites.net but was ignored because path was not for an allowed IdentityServer CORS endpoint
2021-03-23T14:23:38.447005836Z [14:23:38 INF] No CORS policy found for the specified request.
2021-03-23T14:23:38.449683195Z [14:23:38 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2021-03-23T14:23:38.509187115Z [14:23:38 INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationConfiguration", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto] GetAsync() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController (Volo.Abp.AspNetCore.Mvc).
2021-03-23T14:23:38.509212017Z [14:23:38 DBG] Executing AbpApplicationConfigurationAppService.GetAsync()...
2021-03-23T14:23:38.695839158Z [14:23:38 DBG] Executed AbpApplicationConfigurationAppService.GetAsync().
2021-03-23T14:23:38.703242496Z [14:23:38 INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto'.
2021-03-23T14:23:38.773197735Z [14:23:38 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 315.511ms
2021-03-23T14:23:38.773802671Z [14:23:38 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2021-03-23T14:23:38.774209595Z [14:23:38 INF] Request finished HTTP/1.1 GET http://app-iwellportalapi-test.azurewebsites.net/api/abp/application-configuration - - - 200 - application/json;+charset=utf-8 380.1425ms

  • Steps to reproduce the issue:
  1. locally the application runs fine
  2. update dbmigration settings for test environment and run to update test database
  3. deploy aspnet-core to azure app service (linux) and update appsettings like below. Swagger authorizations works.
app__CorsOrigins="https://app-iwellportalapi-test.azurewebsites.net, http://app-iwellportalapi-test.azurewebsites.net, https://app-iwellportalfe-test.azurewebsites.net"
app__RedirectAllowedUrls="https://app-iwellportalapi-test.azurewebsites.net,https://app-iwellportalfe-test.azurewebsites.net"
AuthServer__Authority="https://app-iwellportalapi-test.azurewebsites.net/"
AuthServer__SwaggerClientSecret="1q2w3e*"
  1. update angular environment.prod.ts and deploy angular to separate app service (https://app-iwellportalfe-test.azurewebsites.net)
  2. open the angular site and see the Cors error

5 Answer(s)
  • User Avatar
    0
    alper created
    Support Team Director

    check your database table: IdentityServerClientRedirectUris if you are using the default URLs, those are configured for local development. Replace all your localhost URLs to your production addresses.

  • User Avatar
    0
    william@iwell.nl created

    Hi Alper,

    thanks for the quick reply. I checked the tabel, but those seems to be configured correctly. No localhost url found. Also stopped and started the app service to be sure the change is applied, but no avail.

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    app__CorsOrigins="https://app-iwellportalapi-test.azurewebsites.net, http://app-iwellportalapi-test.azurewebsites.net, https://app-iwellportalfe-test.azurewebsites.net"

    Try adding the cors without empty space like: app__CorsOrigins="https://app-iwellportalapi-test.azurewebsites.net,http://app-iwellportalapi-test.azurewebsites.net,https://app-iwellportalfe-test.azurewebsites.net"

    Verify that you have allowed correct and trimmed values in IdentityServerClientCorsOrigins table.

  • User Avatar
    0
    william@iwell.nl created

    removing the spaces between the urls in app__CorsOrigins did the trick. Well spotted, thanks!

  • User Avatar
    0
    alper created
    Support Team Director

    Whoo! nice shot :)

Made with ❤️ on ABP v9.1.0-preview. Updated on November 01, 2024, 05:35