Finbuckle and cors

[wluijk]

I keep getting cors errors on posts. I am working with an Angular 15 app on http://localhost:4200. I have the API running on http://localhost:80. Furthermore, in the hosts file in windows I have created two domains: one.example.local and two.example.local. Furthermore, in Program.CS of the API, I have the following AddCors statement right after CreateBuilder:

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddCors(options =>
{
    options.AddPolicy("MyOrigins",
                      policy =>
                      {
                          policy.WithOrigins("http://localhost",
                                             "http://localhost:4200");
                      });
});

Next comes my Multitenant statement:

builder.Services.AddMultiTenant<TenantInfo>()
        .WithRouteStrategy()
        .WithBasePathStrategy(options =>
        {
          // defaults to false for compatibility
          options.RebaseAspNetCorePathBase = true;
        })
        .WithHostStrategy()
        .WithConfigurationStore();

The UseCors statement comes immediately after the UseRouting:

var app = builder.Build();

app.UseRouting();
app.UseCors("MyOrigins");
app.UseMultiTenant();

With a GET http://one.example.local/accounts/info, I don't get CORS errors. With POST on http://one.example.local/accounts/authenticate I do. Does anyone have any ideas?

[AndrewTriesToCode]

Hi, I'm not a CORS expert but I'll try to help.

So just to test, can you comment out the finbuckle setup and middleware and see if you get the CORS behavior with finbuckle out of the picture? Also you have a lot of multitenant strategies gong on there. Do you intend to use them all?

Also, what are your expected results and what is the error you are getting on POST? Your policy definition and app/api uses localhost but your hosts file is using example.local domains.

[AndrewTriesToCode]

Did you ever get this figured out?

[wluijk]

No. It's very complex and a lot of testing. So far, I haven't found time to dive further into it. What I am very curious about is whether Finbuckle does anything with Cors and whether Finbuckle requires an order in the configuration of cors (before or after).

[AndrewTriesToCode]

Finbuckle doesn’t have any explicit interaction with CORS.

Indirectly, if using per-tenant options or the host based strategy it could potentially impact CORS.

Do either of those scenarios apply in your situation?