# 3.0: Enable CORS

In order to allow our client to send requests and receive responses, we need to enable [Cross-Origin Request Sharing (CORS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS).

In the `Startup` class in our `.API` project, add the following middleware in the `Configure()` method:

```csharp
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    app.UseCors(x => x.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin().AllowCredentials());      //  <---- Added
    app.UseAuthentication();
    app.UseMvc();
}
```

This makes our API wide open, which makes testing easier. For deployment, you may consider changing this.