CORS or Cross Origin Resource Sharing is a W3C standard for calling resources from a different domain into a web page.
Browser security policy prevents web pages to call services or resources from different domains. This restriction is called the same-origin policy. This exists for security reasons.
Different domains can be classified by the following four:
1. Different domains (www.mydomain.com vs www.yourdomain.com)
2. Different subdomains (www.sub1.mydomain.com vs www.sub2.mydomain.com)
3. Different scheme (HTTP vs HTTPS)
4. Different Ports
But oftentimes we will need to call services or resources from different domains. To solve that CORS was introduced by W3C.
CORS in ASP.NET Core applications can be implemented one of three ways:
1. Using middleware (Default or named policy)
2. Endpoint routing
3. Attribute-based
In this video, I will walk through implementing CORS using all the three above ways.
For this example, I have used an existing application for the web page, and it was part of the Static Files demonstration. The video for the Static Files is available here: https://youtu.be/FFjTn9UjkBM
Comments