My development team was facing problem accessing web API over https. Access to XMLHttpRequest at 'https://--/api/Account/' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. At first, seems like Cors issue on backend API. In fact, browser was blocking request for security reason. So, for development purpose only, have to run Chrome with --disable-web-security. For window users. Open command prompt, Go to Chrome installed folder and run: chrome.exe --user-data-dir="C://dev_session" --disable-web-security Or: Just create short cut that target to "chrome_installed_path\chrome.exe" --user-data-dir="C://dev_session" --disable-web-security" Note: Do not use Chrome with --disable-web-security for web surfing. --NSA