![[The AI Show Episode 145]: OpenAI Releases o3 and o4-mini, AI Is Causing “Quiet Layoffs,” Executive Order on Youth AI Education & GPT-4o’s Controversial Update](https://www.marketingaiinstitute.com/hubfs/ep%20145%20cover.png)
_NicoElNino_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![Standalone Meta AI App Released for iPhone [Download]](https://www.iclarified.com/images/news/97157/97157/97157-640.jpg)
.NET Learning Notes: CORS and how to deal with it in developing
CORS Cross-Origin Resource Sharing is a mechanism that uses HTTP headers to grant a web application running on one origin permission to reach selected resources in a different origin.The web application executes a cross-origin HTTP request when it requests a resource that has a different origin from its own, including domain, protocol, or port. How to fix it in .NET Bacause the frontend port in my VS Code always change, I can not hardcode origins. var builder = WebApplication.CreateBuilder(args); // Add CORS service with dynamic origin checking builder.Services.AddCors(options => { options.AddPolicy("DynamicCors", policy => { policy .SetIsOriginAllowed(origin => origin.StartsWith("http://localhost:")) // allow all localhost ports .AllowAnyHeader() .AllowAnyMethod() .AllowCredentials(); // if you're sending cookies or auth headers }); }); var app = builder.Build(); // Enable the CORS middleware app.UseCors("DynamicCors"); app.UseAuthorization(); app.MapControllers(); app.Run(); Notes: SetIsOriginAllowed(origin => origin.StartsWith("http://localhost:")) lets any localhost port access your backend during development. Do not use AllowAnyOrigin() with AllowCredentials() — it's invalid per the CORS spec. This only applies during development. In production, you should restrict to known origins.
CORS
Cross-Origin Resource Sharing is a mechanism that uses HTTP headers to grant a web application running on one origin permission to reach selected resources in a different origin.The web application executes a cross-origin HTTP request when it requests a resource that has a different origin from its own, including domain, protocol, or port.
How to fix it in .NET
Bacause the frontend port in my VS Code always change, I can not hardcode origins.
var builder = WebApplication.CreateBuilder(args);
// Add CORS service with dynamic origin checking
builder.Services.AddCors(options =>
{
options.AddPolicy("DynamicCors", policy =>
{
policy
.SetIsOriginAllowed(origin => origin.StartsWith("http://localhost:")) // allow all localhost ports
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials(); // if you're sending cookies or auth headers
});
});
var app = builder.Build();
// Enable the CORS middleware
app.UseCors("DynamicCors");
app.UseAuthorization();
app.MapControllers();
app.Run();
Notes:
SetIsOriginAllowed(origin => origin.StartsWith("http://localhost:")) lets any localhost port access your backend during development.
Do not use AllowAnyOrigin() with AllowCredentials() — it's invalid per the CORS spec.
This only applies during development. In production, you should restrict to known origins.
