CORS preflight request gets 405 back on Minimal API #62029
Description
My ASP.NET Core 8.0 application returns 405 on CORS preflight requests. Can anyone point out what I might be missing here? Thanks in advance.
Application setup:
services.AddCors(corsOptions => corsOptions.AddPolicy(CorsPolicyName,
corsPolicyBuilder => corsPolicyBuilder
.WithOrigins(UiOrigins.ToArray())
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials()
));
app.UseCors(CorsPolicyName);
app.UseAuthorization();
app.MapGet($"/{nameof(ILoginService.CheckLogin)}", ([FromServices] ILoginService loginService, HttpContext context) => loginService.CheckLogin(context))
.WithName(nameof(ILoginService.CheckLogin));
Test results:
C:\work>curl -X OPTIONS https://localhost/Lightweight/CheckLogin -i -k -v --header "Origin: https://localhost:9999" --header "Access-Control-Request-Medhod: GET"
* Host localhost:443 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
* Trying [::1]:443...
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server accepted http/1.1
* Connected to localhost (::1) port 443
* using HTTP/1.x
> OPTIONS /Lightweight/CheckLogin HTTP/1.1
> Host: localhost
> User-Agent: curl/8.11.1
> Accept: */*
> Origin: https://localhost:9999
> Access-Control-Request-Medhod: GET
>
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
* Request completely sent off
< HTTP/1.1 405 Method Not Allowed
HTTP/1.1 405 Method Not Allowed
< Allow: GET
Allow: GET
< Content-Length: 0
Content-Length: 0
< Vary: Origin
Vary: Origin
< Server: Microsoft-HTTPAPI/2.0
Server: Microsoft-HTTPAPI/2.0
< Access-Control-Allow-Origin: https://localhost:9999
Access-Control-Allow-Origin: https://localhost:9999
< Access-Control-Allow-Credentials: true
Access-Control-Allow-Credentials: true
< Date: Tue, 20 May 2025 20:09:01 GMT
Date: Tue, 20 May 2025 20:09:01 GMT
<
* Connection #0 to host localhost left intact