Book Image

Mastering Minimal APIs in ASP.NET Core

By : Andrea Tosato, Marco Minerva, Emanuele Bartolesi
Book Image

Mastering Minimal APIs in ASP.NET Core

By: Andrea Tosato, Marco Minerva, Emanuele Bartolesi

Overview of this book

The Minimal APIs feature, introduced in .NET 6, is the answer to code complexity and rising dependencies in creating even the simplest of APIs. Minimal APIs facilitate API development using compact code syntax and help you develop web APIs quickly. This practical guide explores Minimal APIs end-to-end and helps you take advantage of its features and benefits for your ASP.NET Core projects. The chapters in this book will help you speed up your development process by writing less code and maintaining fewer files using Minimal APIs. You’ll also learn how to enable Swagger for API documentation along with CORS and handle application errors. The book even promotes ideas to structure your code in a better way using the dependency injection library in .NET. Finally, you'll learn about performance and benchmarking improvements for your apps. By the end of this book, you’ll be able to fully leverage new features in .NET 6 for API development and explore how Minimal APIs are an evolution over classical web API development in ASP.NET Core.
Table of Contents (16 chapters)
Part 1: Introduction
Part 2: What’s New in .NET 6?
Part 3: Advanced Development and Microservices Concepts

Enabling CORS

CORS is a security mechanism whereby an HTTP/S request is blocked if it arrives from a different domain than the one where the application is hosted. More information can be found in the Microsoft documentation or on the Mozilla site for developers.

A browser prevents a web page from making requests to a domain other than the domain that serves that web page. A web page, SPA, or server-side web page can make HTTP requests to several backend APIs that are hosted in different origins.

This restriction is called the same-origin policy. The same-origin policy prevents a malicious site from reading data from another site. Browsers don’t block HTTP requests but do block response data.

We, therefore, understand that the CORS qualification, as it relates to safety, must be evaluated with caution.

The most common scenario is that of SPAs that are released on web servers with different web addresses than the web server hosting the minimal API: