- ABP Framework version: v4.2.2
- UI type: Angular
- DB provider: MongoDB
- Tiered (MVC) or Identity Server Separated (Angular): yes / no
- Exception message and stack trace:
Access to XMLHttpRequest at 'https://app-iwellportalapi-test.azurewebsites.net/api/abp/application-configuration' from origin 'https://app-iwellportalfe-test.azurewebsites.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
2021-03-23T14:23:38.161958372Z [14:23:38 INF] Request starting HTTP/1.1 GET http://app-iwellportalapi-test.azurewebsites.net/.well-known/openid-configuration - -
2021-03-23T14:23:38.162998333Z [14:23:38 INF] CORS policy execution failed.
2021-03-23T14:23:38.163009434Z [14:23:38 INF] Request origin https://app-iwellportalfe-test.azurewebsites.net does not have permission to access the resource.
2021-03-23T14:23:38.202722084Z [14:23:38 DBG] CORS request made for path: /.well-known/openid-configuration from origin: https://app-iwellportalfe-test.azurewebsites.net
2021-03-23T14:23:38.203473028Z [14:23:38 DBG] CorsPolicyService allowed origin: https://app-iwellportalfe-test.azurewebsites.net
2021-03-23T14:23:38.204043162Z [14:23:38 INF] CORS policy execution successful.
2021-03-23T14:23:38.222146133Z [14:23:38 DBG] Request path /.well-known/openid-configuration matched to endpoint type Discovery
2021-03-23T14:23:38.234305952Z [14:23:38 DBG] Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryEndpoint
2021-03-23T14:23:38.234917188Z [14:23:38 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryEndpoint for /.well-known/openid-configuration
2021-03-23T14:23:38.235332913Z [14:23:38 DBG] Start discovery request
2021-03-23T14:23:38.263539382Z [14:23:38 INF] Request finished HTTP/1.1 GET http://app-iwellportalapi-test.azurewebsites.net/.well-known/openid-configuration - - - 200 - application/json;+charset=UTF-8 109.9435ms
2021-03-23T14:23:38.294173694Z [14:23:38 INF] Request starting HTTP/1.1 GET http://app-iwellportalapi-test.azurewebsites.net/.well-known/openid-configuration/jwks - -
2021-03-23T14:23:38.295129951Z [14:23:38 INF] CORS policy execution failed.
2021-03-23T14:23:38.295750187Z [14:23:38 INF] Request origin https://app-iwellportalfe-test.azurewebsites.net does not have permission to access the resource.
2021-03-23T14:23:38.317353966Z [14:23:38 DBG] CORS request made for path: /.well-known/openid-configuration/jwks from origin: https://app-iwellportalfe-test.azurewebsites.net
2021-03-23T14:23:38.323893753Z [14:23:38 DBG] CorsPolicyService allowed origin: https://app-iwellportalfe-test.azurewebsites.net
2021-03-23T14:23:38.323910253Z [14:23:38 INF] CORS policy execution successful.
2021-03-23T14:23:38.334096556Z [14:23:38 DBG] Request path /.well-known/openid-configuration/jwks matched to endpoint type Discovery
2021-03-23T14:23:38.344425167Z [14:23:38 DBG] Endpoint enabled: Discovery, successfully created handler: IdentityServer4.Endpoints.DiscoveryKeyEndpoint
2021-03-23T14:23:38.345388624Z [14:23:38 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.DiscoveryKeyEndpoint for /.well-known/openid-configuration/jwks
2021-03-23T14:23:38.345831250Z [14:23:38 DBG] Start key discovery request
2021-03-23T14:23:38.345841651Z [14:23:38 INF] Request finished HTTP/1.1 GET http://app-iwellportalapi-test.azurewebsites.net/.well-known/openid-configuration/jwks - - - 200 - application/json;+charset=UTF-8 48.4587ms
2021-03-23T14:23:38.385268984Z [14:23:38 INF] Request starting HTTP/1.1 GET http://app-iwellportalapi-test.azurewebsites.net/api/abp/application-configuration - -
2021-03-23T14:23:38.386149036Z [14:23:38 INF] CORS policy execution failed.
2021-03-23T14:23:38.386823176Z [14:23:38 INF] Request origin https://app-iwellportalfe-test.azurewebsites.net does not have permission to access the resource.
2021-03-23T14:23:38.446165787Z [14:23:38 DBG] CORS request made for path: /api/abp/application-configuration from origin: https://app-iwellportalfe-test.azurewebsites.net but was ignored because path was not for an allowed IdentityServer CORS endpoint
2021-03-23T14:23:38.447005836Z [14:23:38 INF] No CORS policy found for the specified request.
2021-03-23T14:23:38.449683195Z [14:23:38 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2021-03-23T14:23:38.509187115Z [14:23:38 INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationConfiguration", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto] GetAsync() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController (Volo.Abp.AspNetCore.Mvc).
2021-03-23T14:23:38.509212017Z [14:23:38 DBG] Executing AbpApplicationConfigurationAppService.GetAsync()...
2021-03-23T14:23:38.695839158Z [14:23:38 DBG] Executed AbpApplicationConfigurationAppService.GetAsync().
2021-03-23T14:23:38.703242496Z [14:23:38 INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto'.
2021-03-23T14:23:38.773197735Z [14:23:38 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 315.511ms
2021-03-23T14:23:38.773802671Z [14:23:38 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2021-03-23T14:23:38.774209595Z [14:23:38 INF] Request finished HTTP/1.1 GET http://app-iwellportalapi-test.azurewebsites.net/api/abp/application-configuration - - - 200 - application/json;+charset=utf-8 380.1425ms
- Steps to reproduce the issue:
- locally the application runs fine
- update dbmigration settings for test environment and run to update test database
- deploy aspnet-core to azure app service (linux) and update appsettings like below. Swagger authorizations works.
app__CorsOrigins="https://app-iwellportalapi-test.azurewebsites.net, http://app-iwellportalapi-test.azurewebsites.net, https://app-iwellportalfe-test.azurewebsites.net"
app__RedirectAllowedUrls="https://app-iwellportalapi-test.azurewebsites.net,https://app-iwellportalfe-test.azurewebsites.net"
AuthServer__Authority="https://app-iwellportalapi-test.azurewebsites.net/"
AuthServer__SwaggerClientSecret="1q2w3e*"
- update angular environment.prod.ts and deploy angular to separate app service (https://app-iwellportalfe-test.azurewebsites.net)
- open the angular site and see the Cors error
5 Answer(s)
-
0
check your database table:
IdentityServerClientRedirectUris
if you are using the default URLs, those are configured for local development. Replace all yourlocalhost
URLs to your production addresses. -
0
-
0
app__CorsOrigins="https://app-iwellportalapi-test.azurewebsites.net, http://app-iwellportalapi-test.azurewebsites.net, https://app-iwellportalfe-test.azurewebsites.net"
Try adding the cors without empty space like: app__CorsOrigins="https://app-iwellportalapi-test.azurewebsites.net,http://app-iwellportalapi-test.azurewebsites.net,https://app-iwellportalfe-test.azurewebsites.net"
Verify that you have allowed correct and trimmed values in IdentityServerClientCorsOrigins table.
-
0
removing the spaces between the urls in app__CorsOrigins did the trick. Well spotted, thanks!
-
0
Whoo! nice shot :)