Skip to content

CORS (OrchardCore.Cors)

CORS stands for Cross-Origin Resource Sharing.
Modern browsers do not allow script execution from a different domain that serves the scripts. This restriction is called the same-origin policy.
In order to tell the browser to be less strict, we can allow some exceptions configured in the CORS module.

For more information, see and


As using AllowCredentials and AllowAnyOrigin at the same time is considered as a security risk, policies containing BOTH these options will NOT be activated.