|I recently implemented a small service to handle uploads from the browser to our "media server" (rather legacy, don't ask) and on our dev server, no problem. On the actual media server box, I kept getting the dreaded no-access-control-allow-origin header.
Fussed with all the IIS settings and web.config settings to no avail.
Tested vanilla POST calls, all passed CORS without issues.
Learned about "simple requests" which multiform is one of and which don't do an OPTIONS preflight request.
Found an obscure post that people were getting this CORS error on ngnix when the file size was too large.
Tried uploading a a 1K file, and it worked!
Discovered that if the file size was somewhere between by 31K and 67K test files, the larger one failed.
Discovered that if I removed the docInfo parameter:
public IActionResult Upload([FromForm] DocumentUpload docInfo)
The endpoint was hit, no CORS error.
Was thinking, geez, what is .NET 6 doing? Do I have to parse the multiform data myself?
Found a post on the topic that mentioned this code:
var form = ControllerContext.HttpContext.Request.Form;
Tried that and to my horror, it threw an UnauthorizedAccessException that c:\windows\temp\[temp file] is not accessible.
Googled, added IIS AppPool\[my application pool] as a user to c:\windows\temp.
AND IT WORKED.
Unbelievable. An unauthorized access exception results in the browser giving me a CORS error!
This took all week to figure out, spending probably 6 hours a day on it.
And the small <30K file uploads worked without problems because it didn't require creating a temp file for the stream content.