How to enable CORS in ASP.NET Core

I am trying to enable cross origin resources sharing on my ASP.NET Core Web API, but I am stuck.

The EnableCors attribute accepts policyName of type string as parameter:

// Summary:
//     Creates a new instance of the Microsoft.AspNetCore.Cors.Core.EnableCorsAttribute.
// Parameters:
//   policyName:
//     The name of the policy to be applied.
public EnableCorsAttribute(string policyName);

What does the policyName mean and how can I configure CORS on an ASP.NET Core Web API?


You have to configure a CORS policy at application startup in the ConfigureServices method:

public void ConfigureServices(IServiceCollection services)
    services.AddCors(o => o.AddPolicy("MyPolicy", builder =>

    // ...

The CorsPolicyBuilder in builder allows you to configure the policy to your needs. You can now use this name to apply the policy to controllers and actions:


Or apply it to every request:

public void Configure(IApplicationBuilder app)

    // ...

    // This should always be called last to ensure that
    // middleware is registered in the correct order.