ASP.NET Monsters #40: Understanding and Enabling CORS in ASP.NET Core

Download this episode

Download Video


There are many legitimate reasons why you'd want to allow your application to share data with other sites, but we don't want to do it in such a way that it allows wide-open access to your API or controller surface area. Often, we have a set of resources we want to share, with a set of origins that we trust to use our site appropriately.

Browsers today do not allow Cross Origin Resource Sharing by default, but because of the way the request-response works, you can enable it on the server where the resource is located. In this video, Monster James explains how to relax the default server policy and enable CORS for trusted origins.

For more information on the security vulnerabilites avoided by disabling CORS by default in the browser, please check out this entry in Wikipedia.


aspnet, MVC, Security



Available formats for this video:

Actual format may change based on video formats available and browser capability.

    The Discussion

    Comments closed

    Comments have been closed since this content was published more than 30 days ago, but if you'd like to send us feedback you can Contact Us.