I am unable to make cors work angular .net core 2.1 I get this error:

Access to XMLHttpRequest at 'https://dev...SaveAPP' from origin 'https://page' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

this is my startup.cs

public void ConfigureServices(IServiceCollection services)
{
    services.AddCors(options =>
    {
        options.AddPolicy("AllowAll",
            builder => builder.WithOrigins("http://localhost:4200", "https://e.corpintra.net", "https://specit-dtna-dev.e.corpintra.net", "https://specit-dtna.e.corpintra.net", "https://specit-dtna-test.e.corpintra.net")
                                  .AllowAnyMethod()
                                  .WithExposedHeaders("content-disposition")
                                  .AllowAnyHeader()
                                  .AllowCredentials()
                                  .SetPreflightMaxAge(TimeSpan.FromSeconds(3600)));
    });

    services.Configure<MvcOptions>(options =>
    {
        options.Filters.Add(new CorsAuthorizationFilterFactory("AllowAll"));
    });

    services.AddMvc().AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());
    services.AddAuthentication(IISDefaults.AuthenticationScheme);
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    if (env.IsProduction() || env.IsStaging())
    {
        app.UseExceptionHandler("/Error");
    }
    // app.UseCorsMiddleware();
    app.UseCors("AllowAll");
    //    app.UseCors(builder =>
    //          builder.WithOrigins("http://localhost:4200", "http://localhost:5000")
    //.AllowAnyOrigin()
    //.AllowAnyHeader()
    //.AllowAnyMethod());

    app.UseMvc();
}

from angular I am using an interceptor

intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {

    request = request.clone({
      withCredentials: true
    });
    return next.handle(request);
}

my api is both windows authentication and anonymous authentication enabled.

this is on an intranet.

(SOLVED) I had been getting a similar error while trying to convert the Tour of Heroes Angular 7 Demo to make REST calls to a remote MySQL DB. I had even tried moving the Apache server to my local machine:

Access to XMLHttpRequest at 'http://localhost/angular-php-app/backend' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

The SOLUTION, I found it here -> http://blog.wsoft.se/category/tips-tricks/

Here is what I did within my angular app:

install the cors-proxy-server

/tour-of-heroes-mysql>npm install -g cors-proxy-server

...Roaming\npm\cors-proxy-server -> ...Roaming\npm\node_modules\cors-proxy-server\index.js
+ cors-proxy-server@1.0.2
added 8 packages from 10 contributors in 2.376s

Started it up

tour-of-heroes-mysql>HOST=127.0.0.1 PORT=9090 cors-proxy-server &
[1] 17172
/tour-of-heroes-mysql>[Sun Jan 27 2019 10:52:13 GMT-0500 (Eastern Standard Time)] - CORS Proxy Server started on 127.0.0.1:9090

edit heroes.service to change the URL to include the proxy

    private heroesUrl = 'http://localhost/angular-php-app/backend';  // URL to web api
-->  private heroesUrl = 'http://localhost:9090/http://localhost/angular-php-app/backend'

Saved the changes and IT WORKED!!!!

NOTE: Had some problems with "PUT" operations, not sure if the proxy was handling those properly. Found this as a better solution using CHROME, just disable the check by adjusting the Windows Properties on the target, to this:

 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="C:/ChromeDevSession"

(NOTE - you will get a warning 'unsupported' when you start CHROME, but it works. Make a special shortcut on your desktop, use ONLY FOR TESTING)