Setup CORS Policy In ASP.NET Core 5 API | Ultimate ASP.NET Web API Tutorial For Beginners

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] welcome back guys in this lesson we're going to be configuring our course policy now cores is an acronym for cross origin resource sharing and this is just a mechanism that allows you to allow or restrict the sharing of resources across domains so let me say that in a bit more english when somebody who is not on your network tries to access your api by default your api is going to reject that access request all right so if i develop an internal api to be used in my company and somebody from outside my company with a completely different ip address and everything tries to consume the api or talk to the api then it's going to automatically let it know that hey well i can't send you any information because i don't know you so we want to configure this policy to at least facilitate some conversation with sources or requesters that are not necessarily in our network all right so i've actually run into this before where i developed an api for my company for third-party use and i spent some time debugging why this company couldn't access the api that was clearly working on my machine and every other machine around me and then after digging i realized it was the course policy so sometimes you live and learn you learn through experience well i'm here to just let you know what configurations you can put in place from the get go to kind of avoid certain busy work so in order to add this policy what we're going to do is in our startup.cs file and i'm just going to add it here order does matter to some extent but right now we're not really focusing on the order we just want to get our configurations in so i'm going to say services dot add course and then i'll just put the semicolon there so when we say add cores we need to add the policy like course needs to know how to behave right so the same way that when we're setting up the aggregate the swagger gen sorry we would say c and then this lambda arrow and then we can have multiple lines with multiple configurations you'd see it with endpoints and so on we're going to be doing that here so i'm going to say oh you can use any token really it doesn't it could be c could be oh it could be the word options like i said you see them using endpoints down here so i'll just say o and then the lambda arrow and then what i'm going to do is open and close curly braces so that means i'm going to have a whole block of configuration so i'm just breaking the line so we can see clearly exactly what's what and then i'm going to say oh dot add policy right so i'm adding a policy then i have to give it a name so first parameter is the name i'll just call it course policy nothing too fancy or confusing so course policy and then comma and then i have to define another lambda so i'll just call this one builder because now i'm going to be building the policy so builder lambda arrow and i'll just break line so i'm going to say builder dot allow any so here are all the options before i start setting them these are all the options you can allow any you can disallow you can set so if it is white listed or with certain headers you can define how your api will determine who is allowed to access me or my resources and who is not for no for educational purposes because later on maybe we can look at the securing of it and how we mix and match but then once again context is everything if you're developing an api for internet and third-party use then you can't be too strict with the api if ever and anybody should be able to get on otherwise you're going to have an administrative overhead of trying to figure out who is who all the time so i'm just going to say hello any origin and i'm just going to chain along allow any method meaning they can access every method that every endpoint that is defined here and then i'm going to say allow any header sorry allow any header all right and then i'll close the brace for the policy and then use semicolon so that's my course policy that i've defined so i'm just allowing every and anybody once you're coming to access my api you can go ahead and use the resources once again context is everything that will determine how strict you are with your your course policy now after doing all of that i'm now going to go down to configure and i'm going to let the app know that it should use the course policy so right here i'm just going to say app dot use course there we go and then it's going to say okay it has some overloads i'm going to tell it the policy name see so just by putting the quotation marks it's now saying okay what's the policy name so the policy name as i just outlined up top is course policy so maybe you could make it a bit more informative you could say hello all right because that's all it's really doing this policy is allowing all so i'm going to say use the policy that says allow all right so that's what the course policy is really for so at this in this situation we're not going to fully see the benefit of it but then if you've done any other project where you have the api and then you have an entirely different project which is the client project which means it is being broadcasted a different ip address than our port than the current api project once they try to talk that will not work until you have this policy in place [Music] you

Info

Channel: Trevoir Williams

Views: 4,060

Rating: undefined out of 5

Keywords: .net core, asp.net core web api, asp.net web api access-control-allow-origin, asp.net web api cors, cors in .net core, cors in asp.net core, cross origin resource sharing, cross origin resource sharing .net core, cross origin resource sharing asp.net core, enable cors web api, enablecorsattribute multiple origins, how to implement cors, how to implement cors in asp.net core, implementing cors in web api, web api install cors, asp.net core, visual studio

Id: 5t3cLm31biY

Channel Id: undefined

Length: 6min 52sec (412 seconds)

Published: Mon Mar 21 2022