Open Closed

Cors Policy #1940


User avatar
0
Spospisil created
  • ABP Framework version: v4.4.2
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

I am trying to show an iFrame within the content area of the Lepton theme layout. I keep getting a cross-origin issue in my solutions "Web" (non public) project even though I have added the 'CorsOrigins' entry in the 'App' section of my appsettings.json file. Additionaly I have added the following block of code to my 'WebModule' code, but they browser is still giving me the 'blocked a frame with origin "xxxx" from accessing a cross-origin frame.

        context.Services.AddCors(options =>
        {
            options.AddDefaultPolicy(builder =>
            {
                builder
                    .WithOrigins(
                        configuration["App:CorsOrigins"]
                            .Split(",", StringSplitOptions.RemoveEmptyEntries)
                            .Select(o => o.Trim().RemovePostFix("/"))
                            .ToArray()
                    )
                    .WithAbpExposedHeaders()
                    .SetIsOriginAllowedToAllowWildcardSubdomains()
                    .AllowAnyHeader()
                    .AllowAnyMethod()
                    .AllowCredentials();
            });
        });

1 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I think this limitation has nothing to do with CORS, it is a browser limitation.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38