我正在尝试在我的ASP上启用跨起源资源共享。NET核心Web API,但我卡住了。
EnableCors属性接受字符串类型的policyName作为参数:
// Summary:
// Creates a new instance of the Microsoft.AspNetCore.Cors.Core.EnableCorsAttribute.
//
// Parameters:
// policyName:
// The name of the policy to be applied.
public EnableCorsAttribute(string policyName);
policyName是什么意思,如何在ASP上配置CORS。NET核心Web API?
当前回答
ASP。NET核心Web API
在ConfigureServices中添加services.AddCors();之前services.AddControllers ();
在“配置”中添加UseCors
app.UseCors(x => x
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader());
其他回答
如果你得到错误“没有'Access-Control-Allow-Origin'头是存在于所请求的资源。”特别是对于PUT和DELETE请求,您可以尝试在IIS上禁用WebDAV。
显然,WebDAVModule默认启用,默认禁用PUT和DELETE请求。
禁用WebDAVModule,添加到你的web.config:
<system.webServer>
<modules runAllManagedModulesForAllRequests="false">
<remove name="WebDAVModule" />
</modules>
</system.webServer>
这涵盖每个端点。如果你想阻止某个端点,使用这个注释[DisableCors] 这里描述得很好。 https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-5.0
在app.authentication()和app.routing()之间添加app.usecors(policyName)在Configure方法中。 在configureService方法中
services.AddCors(options => options.AddPolicy(name: mypolicy, builder => { builder.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin(); }));
在每个控制器中添加[EnableCors("mypolicy")]
[EnableCors("mypolicy")]
[Route("api/[controller]")] [ApiController]
public class MyController : ControllerBase
eg:-
namespace CompanyApi2
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this //method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
options.AddPolicy(name: mypolicy,
builder =>
{
builder.AllowAnyHeader().AllowAnyMethod()
.AllowAnyOrigin();
})); //add this
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddScoped<IDatarepository, DatabaseRepository>();
}
public string mypolicy = "mypolicy";
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts();
}
app.UseCors(mypolicy); //add this
app.UseHttpsRedirection();
app.UseMvc();
}
}
}
ASP。NET核心Web API
在ConfigureServices中添加services.AddCors();之前services.AddControllers ();
在“配置”中添加UseCors
app.UseCors(x => x
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader());
注意“/”在最后-会阻塞CORS的原点
builder.WithOrigins("http://example.com/","http://localhost:55233/");
将阻止
use
builder.WithOrigins("http://example.com","http://localhost:55233");
得到这个工作与。net Core 3.1如下
确保你把UseCors代码放在app.UseRouting()之间;和app.UseAuthentication ();
app.UseHttpsRedirection();
app.UseRouting();
app.UseCors("CorsApi");
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints => {
endpoints.MapControllers();
});
然后将此代码放在ConfigureServices方法中
services.AddCors(options =>
{
options.AddPolicy("CorsApi",
builder => builder.WithOrigins("http://localhost:4200", "http://mywebsite.com")
.AllowAnyHeader()
.AllowAnyMethod());
});
在基本控制器上面我放了这个
[EnableCors("CorsApi")]
[Route("api/[controller]")]
[ApiController]
public class BaseController : ControllerBase
现在我所有的控制器都将继承BaseController,并启用CORS
