Epic explanation! Gets directly into the golden collection 😍Thank you!

Well explained. I understand it a bit better now. I already knew how to fix the errors but this added a bit more depth to my understanding. I never saw it done the manual way before, it makes more sense. Thanks.

Well explained, one of the best video I have watched for CORS. Thanks for that.

Great work ! Keep it up. Really appreciable !

Thank you, thank you and thank you! Finally I got to understand this topic. Really well explained as always. Again thanks!

Another great well explained video. Thanks heaps for making it.

Very informative like no other. Thank you!

Good explanation. Thank you

You are a god thank you. very nice video💙

Nice clear overview! If you needed to dynamically apply CORS configuration based on the request (which origin, is the request authenticated, ect...) can this be done with the built-in ASPNET Core "UseCors" middleware or should this be a completely custom built middleware?

I have several POST endpoints in my controller, how can I allow CORS only for one of them and disallow it for others?

Liked And Already Subscribed Bro

Thanks Anton for the awesome video how to load origins dynamically from database ?

I have one question about the first part of the video. Unless I missed it, there was no preflight request for "Access-Control-Allow-Origin". Is it implicit? The server still has to first reply, and tell the browser that it allows CORS, right?

are you reading my messages?? I literally just asked this question holy shi* man holy falgget blacakaty magati shiiii- Thank Yoouuuu

Thanks for well explained video, can I use CORS to allow or disallow calls to my APIs from mobile apps ? if yes How to do so ?

Still trying to figure out what CORS actually protects from: CORS is easily bypassed, for starters. As soon as you have the server set up to allow certain origins, methods, etc, then you no longer have the same security level (the session mechanism will be sent over just like normal). I don't get how this helps with security.

As someone not already familiar with CORS at this depth I found this a little too fast. Especially when it came to the allow credentials part where Creds and "cookies" seem to get conflated and from the point I was completely lost. Will have re-watch to see if I can unpick it.

I've been reading and looking around to understand CORS and I got a pretty good idea about it now. I have a problem where the preflight, when my webapi is deployed to the server, always returns a 401 Unauthorized. I'm calling the webapi from a vue-site installed on the same server but different site and port. I used the app.useCors but it still didn't work when deployed. So then I expliclty put the headers for allowing origins but I still get the 401 from the preflight/OPTIONS request. In chrome I don't see the allow-origins header on for the options request and the console says the header is missing but I know for a fact that I send it. So I don't understand why the 401?? Oh, and all GET requests work just fine, it's the preflight with OPTIONS that get the 401.. Anyone has any idea about how to solve it?

That minimal api apps are very confusing - I'm missing the part where OtherApp is calling an API. EDIT: Nvm - fetching a server app from otherapp console does this.

First 😄