c# - ASP.NET 5/Core/vNext CORS not working even if allowing pretty much everything

Question

I have a ASP.NET 5 Web API (Well, MVC now anyway) back-end which I am consuming in with the axios library in my JS app.

My CORS config in MVC is the following:

public void ConfigureServices(IServiceCollection services)
{
      services.AddMvc();
      services.AddCors();
} 


public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{ 
      app.UseCors(builder => {
          builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();
      });
}

So in other words, I should be allowing every request possible. However, while this fixed preflight requests, a POST requests still gets rejected (I can see it executes on the server, but there's no header in the response so it results in a client side error).

Does anyone have any ideas why this wouldn't work ?

These are the headers that are returned by the MVC api:

• For the OPTIONS preflight (this one passes):
• For the actual POST request (this one does NOT pass):

Answer 1

You have to add Cors before MVC. The registration order of the middleware is important. If Cors is registered after mvc it will never be called. They are called in the order of registration.

Once cors process the request, it will pass it to next middleware (Mvc)