Problem
You've configured CORS in Program.cs, it works perfectly on localhost, but once deployed your API returns:
Access to XMLHttpRequest has been blocked by CORS policy
Root Cause
The most common culprit: order of middleware matters. UseCors() must be called before UseAuthorization() and UseEndpoints().
Solution
app.UseRouting();
app.UseCors("AllowFrontend"); // MUST come before UseAuthorization
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
Also ensure your policy name matches exactly — C# string comparison is case-sensitive.