Attribute doesn't work with UseCors about cors HOT 5 CLOSED

CORS can be a little tricky. This may be because you are applying a more restrictive policy UseCors("OtherPolicy") and then trying to use a more relaxed version EnableCors("AllowAll"). If you wish some controller's actions to be specifically available to a certain origin, apply the more specific policy as an attribute to that controller. Also, when using MVC and CORS, it is recommended you use this example as a guideline.

Please let me know if the issue is something else. Maybe share your sample application or use the sample in the CORS repository to try your scenario.

from cors.

At your link it says

The precedence order is: Action, controller, global. Action-level policies take precedence over controller-level policies, and controller-level policies take precedence over global policies.

Which directly contradicts what you just said, it seems that documents don't represent the reality, which is "the order of applied policies is global, controller, and then action"

from cors.

@wparad running the action policies last means they can override (i.e. have precedence over) all other policies. What exactly is incorrect in the documentation?

from cors.

@wparad Thank you for your response. My apologies. My comment before is not descriptive enough. So, when using UseCors() middleware logic for Cors runs. This is a completely different middleware than MVC. If you read the example again, it says

When using MVC to enable CORS the same CORS services are used, but the CORS middleware is not.

and

You can enable CORS globally for all controllers by adding the CorsAuthorizationFilterFactory filter to the global filter collection

You are recommended to use CorsAuthorizationFilterFactory to set a global CORS policy for your controllers in MvcOptions.

This should solve the problem. But let us know if it doesn't work!

from cors.

Thanks @jbagga for the clarifications, let's close the issue for now.

from cors.