CORS Policy not working and accepting all domain
# help-with-umbracon
Nilay
07/17/2024, 10:41 AMI am using https://github.com/nikcio/Nikcio.UHeadless Graphql package. I want to restrict url using CORS Policy but still allowing any url
Code file attached
@Nikcio
https://cdn.discordapp.com/attachments/1263083137563496480/1263083138423193632/message.txt?ex=6698f157&is=66979fd7&hm=84e3c54e1782653c89ce16a681a16870877deff3289e1507ea0ff66b4316f842&
m
Mike Chambers
07/17/2024, 10:45 AMas it depends when you add cors, think this might help
https://docs.umbraco.com/umbraco-cms/reference/routing/custom-middleware#configuring-the-cross-origin-resource-sharing-cors-middleware
Mike Chambers
07/17/2024, 10:50 AMn
Nikcio
07/17/2024, 11:37 AM@Nilay I'm on my phone right now but it looks like that you didn't specify the same name in the UHeadless cors settings as where you registered it?
n
Nilay
07/22/2024, 2:11 AMi tried with same name MyAllowSpecificOrigins and also different name but for any case it was allowing all domains @User
Nilay
07/24/2024, 6:32 AM@Nikcio any suggestion ?
n
Nikcio
07/24/2024, 5:12 PMAre you sending the
OriginNikcio
07/24/2024, 5:17 PMIf that doesnt work you can also try adding .MapGraphQL directly giving you access to the endpoint builder I believe. And then add .RequireCors("YourPolicyName")
https://github.com/nikcio/Nikcio.UHeadless/blob/v4%2Fcontrib/src%2FNikcio.UHeadless%2FExtensions%2FUHeadlessExtensions.cs#L142
Nikcio
07/24/2024, 5:18 PMAlso see the link Mike sent about this: https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-8.0#enable-cors-with-endpoint-routing
n
Nilay
07/27/2024, 4:16 AMThanks. I will check it out
48 Views