CORS: Response to preflight request doesn't pass access control check

When working with Angular and ASP.NET Core, you might get following error.

Failed to load resource: net::ERR_FAILED [http://serviceuri/api/....]
Access to XMLHttpRequest at 'http://serviceuri/api/..' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

This error refers to a CORS issue, which happens due the miss-configuration between client (in this case Angular application) and Service (in this case ASP.NET Core).

Client is trying to reach the service by url http://serviceuri/api/..
However the service has probably activated redirect to HTTPs:

app.UseHttpsRedirection();

When this happens, the OPTIONS request, during a CORS handshake will get redirected with HTTP 307 code (temporary redirect) from requested URL http://serviceuri/api/.. to appropriate https://serviceuri/api/.. url.
This causes the error:

Redirect is not allowed for a preflight request.

To workaround this issue, configure client to access service via HTTPs instead of HTTP.


comments powered by Disqus