Developer forum

Forum » Dynamicweb 10 » Cors headers

Cors headers

E-mail notifications
Theodor Perrier
Reply
Posted on 26/08/2025 16:13:05

Is there a way to define cors policies in a DW 10 application.

I've tried with the standard way in a .net application, but it doesnt seem to work
For test purposes, i've added allow any, and it will be adjusted later
 

builder.Services.AddCors(options =>
{
    options.AddDefaultPolicy(policy =>
    {
        policy.AllowAnyOrigin()
              .AllowAnyHeader()
              .AllowAnyMethod();
    });
});
var app = builder.Build();

app.UseCors();
app.UseDynamicweb();


Replies

 
Nicolai Pedersen Dynamicweb Employee
Nicolai Pedersen
Posted on 26/08/2025 16:53:27
Reply
This post has been marked as an answer

Hi Theodor

>>I've tried with the standard way in a .net application, but it doesnt seem to work

You can do that when you take over the program.cs - which requires you to host Dynamicweb your self as that is not supported in the cloud. Be aware that cors has to be registered very early - otherwise it will not work.

Dynamicweb supports iPipeline for adding stuff to the pipeline using custom addins - see this one: https://doc.dynamicweb.dev/documentation/extending/middleware/index.html

using Dynamicweb.Host.Core;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

namespace CustomCode;

public class CorsPipeline : IPipeline
{
    public int Rank => -1; // Ensure CORS runs early enough

    private const string CorsPolicyName = "DefaultCors";

    public void RegisterServices(IServiceCollection services, IMvcCoreBuilder mvcBuilder)
    {
        services.AddCors(options =>
        {
            options.AddPolicy(CorsPolicyName, policy =>
            {
                policy.WithOrigins(
                        "https://www.dynamicweb.dk",
                        "https://partner.yourdomain.com")
                      .AllowAnyHeader()
                      .AllowAnyMethod();
            });
        });
    }

    public void RegisterApplicationComponents(IApplicationBuilder app)
    {
        app.UseCors(CorsPolicyName);
    }

    public void RunInitializers()
    {
        // No initializers needed for CORS
    }
}

I believe this should work - but have not tested it. It might not be early enough in the pipeline....

Good luck getting the headers correct :-).

BR Nicolai

Votes for this answer: 1
 
Theodor Perrier
Posted on 26/08/2025 18:13:33
Reply

Hey Nicolai.

Thanks for the provided.

I've adjustet the origins to match our test and development frontend.

I can verify that, when debugging, the pibeline is run before the builder.Services.AddDynamicweb(builder.Environment, builder.Configuration); command in the program.cs

Unfortunately, this doesnt work, there are no headers added to the options request and i still experience CORS erros :/

BR Theodor

 
Theodor Perrier
Posted on 26/08/2025 19:22:52
Reply

Hi Nicolai.

Don't take my previous post into consideration.

This works as intended.

There was a human error from my part.

Best regards

Theodor

 
Nicolai Pedersen Dynamicweb Employee
Nicolai Pedersen
Posted on 26/08/2025 22:48:20
Reply

Thank you for the update.

Feel free to post your solution as it might come in handy for others.

Thanks, Nicolai

 
Theodor Perrier
Posted on 27/08/2025 10:07:46
Reply

Nicolai.

I made the default CORS work.

But i can verify that the solution that you provided also works.

Since the pibeline is run before all other Dynamicweb services are added.

Hope this clearifies

Theodor

 

You must be logged in to post in the forum