Coding⏱️ 3 min read📅 2026-06-04

How to Fix: How to fix "The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time" error

Configure CORS policy to allow wildcard origin and credentials in .NET Core API project.

Quick Answer: In the `Startup.cs` file, remove the `AllowCredentials()` method call and instead use the `WithOrigins()` method to specify individual origins or a specific domain. For example: `app.UseCors(builder => builder.WithOrigins(

📋 Table of Contents

  1. 💡 Why You Are Getting This Error
  2. 🛠️ Step-by-Step Verified Fixes
  3. ✨ Wrapping Up

The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time, which can cause issues when making API requests between different projects. This error affects developers who are trying to use APIs in another Blazor project.

This error is frustrating because it prevents developers from fully utilizing their applications' capabilities, especially when it comes to accessing data from other origins.

💡 Why You Are Getting This Error

  • The primary reason for this error is that the CORS protocol does not support specifying a wildcard origin and credentials simultaneously. This limitation is in place to prevent cross-site scripting (XSS) attacks.
  • Another possible cause of this error could be due to the fact that some browsers may interpret the '*' wildcard as a special character, rather than a literal wildcard, which can lead to incorrect configuration.

🛠️ Step-by-Step Verified Fixes

Enabling Specific Origins with Credentials

  1. Step 1: To fix this issue, you need to explicitly list the origins that are allowed to access your API. This means specifying each origin individually, rather than using a wildcard ('*').
  2. Step 2: You can do this by passing an array of origins to the AllowCredentials() method in your CORS configuration.
  3. Step 3: For example, if you want to allow requests from 'https://example.com' and 'https://sub.example.com', you would use the following code: app.UseCors(builder => builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().WithOrigins(

Using a Proxy Server

  1. Step 1: Alternatively, you can use a proxy server to bypass this limitation. A proxy server acts as an intermediary between your application and the API, making it possible to access the API without explicitly specifying each origin.
  2. Step 2: You can set up a proxy server using a library or framework that supports CORS, such as Apache HttpClient or Swaggers.
  3. Step 3: For example, you could use the following code to configure a proxy server: var handler = new HttpClientHandler { Proxy = new WebProxy(

✨ Wrapping Up

By explicitly listing specific origins with credentials or using a proxy server, you can resolve the CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time error and fully utilize your applications' capabilities.

Did this fix your problem?

If not, try searching for specific error codes.

🔍 Search Error Database

❓ Frequently Asked Questions

🛠️ Related Fixes

How to Fix: Stuck in tutorial hell after 4 years: How do I b

Fix Stuck in tutorial hell after 4 years: How do I bui. Practice build

How to Fix: Trying to sync mutliple audio tracks to a movie

Fix Trying to sync mutliple audio tracks to a movie bu. Consider using

How to Fix: Failed to merge latest branches from upstream re

Fix Failed to merge latest branches from upstream repo. Try running 'g