[Solved] ASP .Net Core Error: Specify a Cross-Origin Embedder Policy to prevent this frame from being blocked

alay
 
on Aug 11, 2022 05:20 AM
1124 Views

I have an ASP .NET application running on .NET Core 6 and ASP .NET Core 6. 

I have added some middleware using app.use in order to add some headers.

The problem is that the middleware in not executed when requesting web worker script.

Not sure how much it will help the only error is there because the headers are missing.

Specify a Cross-Origin Embedder Policy to prevent this frame from being blocked

Here is my Program.cs:

RegisterDependencies();

// Add services to the container.
builder.Services.AddControllersWithViews();


var app = builder.Build();

app.Use(async (context, next) =>
{
	context.Response.Headers.Add("Cross-Origin-Embedder-Policy", "require-corp");
	context.Response.Headers.Add("Cross-Origin-Opener-Policy", "same-origin");
	await next();
});

// Configure the HTTP request pipeline.

app.UseStaticFiles();

app.UseRouting();

app.UseAuthorization();

app.MapControllerRoute(
		name: "GetCursor",
		pattern: "Api/GetCursor/{id}/{scale}",
		defaults: new { controller = "Api", action = "GetCursor" }
		   );

app.MapControllerRoute(
				name: "API",
				pattern: "Api/{action}/{gameId?}",
				defaults: new { controller = "Api", action = "{action}"}
			);


app.MapControllerRoute(
			   name: "FEW",
			   pattern: "{*url}",
			   defaults: new { controller = "Home", action = "Index" }
		   );

app.Run();

 

Download FREE API for Word, Excel and PDF in ASP.Net: Download
alay
 
on Aug 13, 2022 07:02 AM

Hi dharmendr,

I have figured out what I needed to do. From the MS documents you provided I figured out that static file requests are short circuited in order to reduce processing time. This means that app.use is never executed in requests for them. There is another function that has to be called to add headers to static files. This is what I came up with:

void ApplyHeaders(IHeaderDictionary headers)
{
    headers.Add("Cross-Origin-Embedder-Policy", "require-corp");
    headers.Add("Cross-Origin-Opener-Policy", "same-origin");
}
 
app.UseStaticFiles(new StaticFileOptions()
{
    OnPrepareResponse = (context) =>
    {
        ApplyHeaders(context.Context.Response.Headers);
    }
});

app.Use(async (context, next) =>
{
    ApplyHeaders(context.Response.Headers);
    await next();
});