CORS: Response to preflight request doesn't pass access control check
When working with Angular and ASP.NET Core, you might get following error.
Failed to load resource: net::ERR_FAILED [http://serviceuri/api/....]
Access to XMLHttpRequest at 'http://serviceuri/api/..' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
This error refers to a CORS issue, which happens due the miss-configuration between client (in this case Angular application) and Service (in this case ASP.NET Core).
Client is trying to reach the service by url http://serviceuri/api/..
However the service has probably activated redirect to HTTPs:
app.UseHttpsRedirection();
When this happens, the OPTIONS request, during a CORS handshake will get redirected with HTTP 307 code (temporary redirect) from requested URL http://serviceuri/api/.. to appropriate https://serviceuri/api/.. url.
This causes the error:
Redirect is not allowed for a preflight request.
To workaround this issue, configure client to access service via HTTPs instead of HTTP.