Light-Duty-Wreckers:1 Access to XMLHttpRequest at 'https://www.test.net/api/api/Fleet/GetFleetList?type=json' from origin 'https://www.dnndomain.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I use ajax jquery to consume external api (webapi written with mvc/c#), and have above issues. I already added the header on webconfig, and still working ...need helps
I have a similar issue but with a react app. I have enabled CORS in IIS
Then I added it also in webconfig in the API (is built on this structure Module Development for Non-Developers, Skinners, & DNN Beginners - Blog Series Intro > DNN Corp (dnnsoftware.com))
Then I added it also in webconfig in the API (is built on this structure
I added then I installed [EnableCors(origins: "*", headers: "*", methods: "*")] to Action level (in webservices) and in Controller level (in TaskController).
The API respond ok with Postman to Get and Post. But to React app no luck with POST. https://example.com/Deskt...PI/ModuleTask/MyPost I get allways Access to XMLHttpRequest at 'https://example.com/DesktopModules/MyFirstModule/API/ModuleTask/MyPost' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
I have in the browser also an extension to ublock CORS.
One question is: where to enable CORS? in IIS, in DNN (if DNN has a web api communication) or WEB API app?
thank you!
The Same Origin Policy (SOP) is a security measure standardized among browsers. It is needed to prevent Cross-Site Request Forgery (CSRF). The "Origin" mostly refers to a "Domain". Same Origin Policy prevents different origins (domains) from interacting with each other, to prevent attacks such as CSRF (Cross Site Request Forgery) through such requests, like AJAX. In other words, the browser would not allow any site to make a request to any other site. Without Same Origin Policy , any web page would be able to access the DOM of other pages.
This SOP (Same Origin Policy) exists because it is too easy to inject a link to a javascript file that is on a different domain. This is actually a security risk ; you really only want code that comes from the site you are on to execute and not just any code that is out there.
If you want to bypass that restriction when fetching the contents with fetch API or XMLHttpRequest in javascript, you can use a proxy server so that it sets the header Access-Control-Allow-Origin to *.
If you need to enable CORS on the server in case of localhost, you need to have the following on request header.
Access-Control-Allow-Origin: http://localhost:9999
These Forums are dedicated to the discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.