Cross domain calls on SSR #109

New Issue

fergalmoran · 2025-08-09T17:15:02Z

fergalmoran commented

2025-08-09 17:15:02 +00:00

Originally created by @leonardochaia on 4/2/2018

Hello all, I'm using the new template dotnet new angular with the angular-cli. I've striped everything and left only the Fetch Data part. (HTTP call done to an API on the same project)

I've enabled SSR according to MSDN blog.

I've enabled CORS to allow any Origin, Method, Header, and Credentials.

If I open the browser (Chrome) to http://localhost:5000/ the API call is done on the server and the results are prerendered correctly.

If I browse to a subdomain, i.e: http://foo.localhost:5000/ the API call is not performed on the server (fails), but does succeed on the client.

Relevant Server Logs ( complete logs )

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://foo.localhost:5000/  
info: Microsoft.AspNetCore.NodeServices[0]
      http://foo.localhost:5000/api/SampleData/WeatherForecasts
fail: Microsoft.AspNetCore.NodeServices[0]
      HttpErrorResponse {
        headers: HttpHeaders { normalizedNames: Map {}, lazyUpdate: null, headers: Map {} },
        status: 0,
        statusText: 'Unknown Error',
        url: null,
        ok: false,
        name: 'HttpErrorResponse',
        message: 'Http failure response for (unknown url): 0 Unknown Error',
        error: 
         ProgressEvent {
           type: 'error',
           target: 
            XMLHttpRequest {
              onloadstart: null,
              onprogress: null,
              onabort: null,
              onerror: null,
              onload: null,
              ontimeout: null,
              onloadend: null,
              _listeners: [Object],
              onreadystatechange: null,
              _anonymous: undefined,
              readyState: 4,
              response: null,
              responseText: '',
              responseType: 'text',
              responseURL: '',
              status: 0,
              statusText: '',
              timeout: 0,
              upload: [XMLHttpRequestUpload],
              _method: 'GET',
              _url: [Url],
              _sync: false,
              _headers: [Object],
              _loweredHeaders: [Object],
              _mimeOverride: null,
              _request: null,
              _response: null,
              _responseParts: null,
              _responseHeaders: null,
              _aborting: null,
              _error: null,
              _loadedBytes: 0,
              _totalBytes: 0,
              _lengthComputable: false },
           currentTarget: 
            XMLHttpRequest {
              onloadstart: null,
              onprogress: null,
              onabort: null,
              onerror: null,
              onload: null,
              ontimeout: null,
              onloadend: null,
              _listeners: [Object],
              onreadystatechange: null,
              _anonymous: undefined,
              readyState: 4,
              response: null,
              responseText: '',
              responseType: 'text',
              responseURL: '',
              status: 0,
              statusText: '',
              timeout: 0,
              upload: [XMLHttpRequestUpload],
              _method: 'GET',
              _url: [Url],
              _sync: false,
              _headers: [Object],
              _loweredHeaders: [Object],
              _mimeOverride: null,
              _request: null,
              _response: null,
              _responseParts: null,
              _responseHeaders: null,
              _aborting: null,
              _error: null,
              _loadedBytes: 0,
              _totalBytes: 0,
              _lengthComputable: false },
           lengthComputable: false,
           loaded: 0,
           total: 0 } }
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 2248.4028ms 200 text/html

The URL is correct (second info log), quick Google results seems to point to CORS not being enabled, but it is.

I've tested it using spa.UseProxyToSpaDevelopmentServer("http://localhost:4200") instead of the AngularCliMiddleware and the same result happens on 5000 port.
Also, if browsing to the SPA development server on port 4200, with it being forced to perform the API calls against http://localhost:5000 it works, which should mean that CORS is working fine.

Here's a repo reproducing the issue
Any guidance will be appreciated.
Thank you,
Leo.

*Originally created by @leonardochaia on 4/2/2018* Hello all, I'm using the new template `dotnet new angular` with the angular-cli. I've striped everything and left only the Fetch Data part. (HTTP call done to an API on the same project) I've enabled SSR according to [MSDN blog](https://docs.microsoft.com/en-us/aspnet/core/spa/angular?tabs=visual-studio). I've enabled CORS to allow any Origin, Method, Header, and Credentials. If I open the browser (Chrome) to `http://localhost:5000/` the API call is done on the server and the results are prerendered correctly. If I browse to a subdomain, i.e: `http://foo.localhost:5000/` the API call is not performed on the server (fails), but does succeed on the client. Relevant Server Logs ( [complete logs](https://gist.github.com/leonardochaia/1a43aa7d44c71e02bd454350d4daf548) ) ``` info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1] Request starting HTTP/1.1 GET http://foo.localhost:5000/ info: Microsoft.AspNetCore.NodeServices[0] http://foo.localhost:5000/api/SampleData/WeatherForecasts fail: Microsoft.AspNetCore.NodeServices[0] HttpErrorResponse { headers: HttpHeaders { normalizedNames: Map {}, lazyUpdate: null, headers: Map {} }, status: 0, statusText: 'Unknown Error', url: null, ok: false, name: 'HttpErrorResponse', message: 'Http failure response for (unknown url): 0 Unknown Error', error: ProgressEvent { type: 'error', target: XMLHttpRequest { onloadstart: null, onprogress: null, onabort: null, onerror: null, onload: null, ontimeout: null, onloadend: null, _listeners: [Object], onreadystatechange: null, _anonymous: undefined, readyState: 4, response: null, responseText: '', responseType: 'text', responseURL: '', status: 0, statusText: '', timeout: 0, upload: [XMLHttpRequestUpload], _method: 'GET', _url: [Url], _sync: false, _headers: [Object], _loweredHeaders: [Object], _mimeOverride: null, _request: null, _response: null, _responseParts: null, _responseHeaders: null, _aborting: null, _error: null, _loadedBytes: 0, _totalBytes: 0, _lengthComputable: false }, currentTarget: XMLHttpRequest { onloadstart: null, onprogress: null, onabort: null, onerror: null, onload: null, ontimeout: null, onloadend: null, _listeners: [Object], onreadystatechange: null, _anonymous: undefined, readyState: 4, response: null, responseText: '', responseType: 'text', responseURL: '', status: 0, statusText: '', timeout: 0, upload: [XMLHttpRequestUpload], _method: 'GET', _url: [Url], _sync: false, _headers: [Object], _loweredHeaders: [Object], _mimeOverride: null, _request: null, _response: null, _responseParts: null, _responseHeaders: null, _aborting: null, _error: null, _loadedBytes: 0, _totalBytes: 0, _lengthComputable: false }, lengthComputable: false, loaded: 0, total: 0 } } info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2] Request finished in 2248.4028ms 200 text/html ``` The URL is correct (second info log), quick Google results seems to point to CORS not being enabled, but it is. I've tested it using `spa.UseProxyToSpaDevelopmentServer("http://localhost:4200")` instead of the `AngularCliMiddleware` and the same result happens on 5000 port. Also, if browsing to the SPA development server on port 4200, with it being forced to perform the API calls against `http://localhost:5000` it works, which should mean that CORS is working fine. Here's a [repo reproducing the issue](https://github.com/leonardochaia/JavaScriptServicesTests) Any guidance will be appreciated. Thank you, Leo.

fergalmoran closed this issue

2025-08-09 17:15:02 +00:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/JavaScriptServices#109