ASP.NET 5/Core/vNext CORS not working even if allowing pretty much everything

You have to add Cors before MVC. The registration order of the middleware is important. If Cors is registered after mvc it will never be called. They are called in the order of registration.

Once cors process the request, it will pass it to next middleware (Mvc)

This works for me:

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{ 
    app.UseCors(x => x.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials());
}

@Norgerman mentioned this in the comments, but I think it is worthy of an answer because I've made this mistake myself several times:

The CORS middleware only works on actual cross-domain requests

It is not fired if you just access a same domain request like typing a URL into the browser.

This means if you are testing you have to either use an actual cross-domain request from an XHR client on another port or domain, or an HTTP client that can explicitly poke an origin header into the HTTP request.

The problem was actually in the fact that there was an exception in the action processing the POST request and as Norgerman mentioned, the default exception handler cleared the CORS headers.