it should still fix some issue Why would you want to? The result is: CORS is enabled or its not (for one resource). You can either do this by using the Attribute-Syntax ([EnableCors]) on your controller / your action-method, or make use of the fluent-api-design like in example with
this will help To set a default CORS policy use app.UseCors(string policyName) overload. Your CORS requests will be failing because you are rejecting all headers and methods. From what I read, the CORS specification states that you shouldn't set any headers at all if any of the checks fail. See implementation here, this is most likely why your client will be receiving the standard No 'Access-Control-Allow-Origin' header is present error, as no headers are added at all, even though the Origin check passes.
may help you . I found the problem and it was a really weird one. I was reading an older blog which talked about CORS and ASP.NET Core. Then I stumbled upon this comment which said that the solution worked for Kestrel, but not for IIS Express. So I changed my build configuration to not use IIS Express and it now works flawlessly for both browsers. If you want this to work for IIS Express, then you don't edit your Startup.cs, but you edit your application.config file which probably is located in your project root folder.
Hope that helps To access MyController , it should match both policies : the DefaultPolicy from RequireAuthorization and the custom Full policy . In addition , the DefaultPolicy could be updated by providing a policy to the UseAuthorization middleware :