How to use IdentityServerClientCorsOrigins? (ABP.IO)

Question

Currently the cors origins are configured in the appsettings however I am not able to configure in way that it gets the origins from the SQL Server database.

I have commented out that withOrigins sections however I have it already configured in the database but it gets rejected

This is the error I get when I am calling from http://localhost:3000

Access to XMLHttpRequest at 'https://ids.local/connect/userinfo' from origin 'http://localhost:3000' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Answer 1

Apply these on IdentityServer project:

1. Add AllowedCorsOrigins to the client's configuration on Config.cs or in DB (if using EF)

AllowedCorsOrigins =
                        { 
                            "http://localhost:3000" 
                        },

Be sure to use an origin (not a URL) when configuring CORS. For example: https://foo:123/ is a URL, whereas https://foo:123 is an origin.

Ref: http://docs.identityserver.io/en/dev/topics/cors.html#client-based-cors-configuration

2. In case you have custom cors policy, add it on startup.cs - ConfigureServices.

services.AddCors(options =>
            {
                options.AddPolicy("default", policy =>
                {
                        .AllowAnyHeader()
                        .AllowAnyMethod()
                        .AllowCredentials();
                });
            });

3. On startup.cs - Configure, add cors after IdentityServer.

app.UseIdentityServer();
app.UseCors("default");

IDS4 already register a custom cors policy, if you have one too make sure to add it after IDS4 middleware