Enable CORS for any port on localhost

ASP.NET Core's SetIsOriginAllowed method gives you full control over whether or not an origin is allowed to participate in CORS. Here's an example based on your code sample:

if(_environment.IsDevelopment())
{
    options.AddDefaultPolicy(builder =>
    {
        builder.SetIsOriginAllowed(origin => new Uri(origin).Host == "localhost");
    });
}
else
{
    // ...
}

The origin value passed in to the SetIsOriginAllowed delegate is the full origin, which looks something like http://localhost:8080. Using Uri, the code above compares the Host against localhost, which ends up allowing all localhost origins.