Enable Cross-Origin Requests (CORS) in ASP.NET Core

Store Allowed Domains in appsettings.json: Instead of hardcoding the allowed domains in the code, we can define them in the configuration file:

{
  "AllowedOrigins": [
    "https://app1.example.com",
    "https://app2.example.com",
    "https://mobile.example.com"
  ]
}

Retrieved the array of allowed origins from the app settings and used them to register CORS services :

string allowedSpecificOrigins = "AllowSpecificOrigins";
WebApplicationBuilder? builder = WebApplication.CreateBuilder(args);
string[]? allowedOrigins = builder
                 .Configuration
                 .GetSection("AllowedOrigins")
                 .Get<string[]>();
builder.Services.AddCors(options =>
{
    options.AddPolicy(allowedSpecificOrigins,
        policy =>
           {
               policy.WithOrigins(allowedOrigins)
                     .AllowAnyMethod()
                     .AllowAnyHeader();
            });
});
builder.Services.AddControllers();

Enable CORS middleware

app.UseCors(allowedSpecificOrigins);