From the W3C specification,

simple cross-origin request has been defined as congruent with those which may be generated by currently deployed user agents that do not conform to this specification. Simple cross-origin requests generated outside this specification (such as cross-origin form submissions using GET or POST or cross-origin GET requests resulting from script elements) typically includeuser credentials, so resources conforming to this specification must always be prepared to expect simple cross-origin requests with credentials.

Too long, didn’t read (TL;DR). CORS prevents your application from sending data/requests to other websites unless those sites have explicitly allowed your request to come through. Here’s how to get your dotnet core application setup to handle requests.

Within the startup.cs file and ConfigureServices function, simply add the following line of code before calling AddMvc();

services.AddCors(options =>
    options.AddPolicy("AllowAll", b =>

Next, within the Configure function, setup your support for CORS. There are a lot of options for handling various domains, headers, and verbs.


For more information and to view the various configuration options available such as limiting specific verbs, origins, headers or credentials, check out this link.