我正在尝试在我的ASP上启用跨起源资源共享。NET核心Web API,但我卡住了。
EnableCors属性接受字符串类型的policyName作为参数:
// Summary:
// Creates a new instance of the Microsoft.AspNetCore.Cors.Core.EnableCorsAttribute.
//
// Parameters:
// policyName:
// The name of the policy to be applied.
public EnableCorsAttribute(string policyName);
policyName是什么意思,如何在ASP上配置CORS。NET核心Web API?
当前回答
如果你得到错误“没有'Access-Control-Allow-Origin'头是存在于所请求的资源。”特别是对于PUT和DELETE请求,您可以尝试在IIS上禁用WebDAV。
显然,WebDAVModule默认启用,默认禁用PUT和DELETE请求。
禁用WebDAVModule,添加到你的web.config:
<system.webServer>
<modules runAllManagedModulesForAllRequests="false">
<remove name="WebDAVModule" />
</modules>
</system.webServer>
其他回答
特别是在dotnet核心2.2中,你必须改变SignalR
.WithOrigins (http://localhost: 3000)或
.SetIsOriginAllowed(isOriginAllowed: _ => true) //所有源
用.AllowCredentials()代替。allowanyorigin ()
https://trailheadtechnology.com/breaking-change-in-aspnetcore-2-2-for-signalr-and-cors/
https://github.com/aspnet/AspNetCore/issues/4483
在我设法在最琐碎的CORS问题上浪费了两个小时后,一些故障排除技巧:
If you see CORS policy execution failed logged... Don't assume that your CORS policy is not executing properly. In fact, the CORS middleware works, and your policy is executing properly. The only thing this badly worded message means is that the request's origin doesn't match any of the allowed origins (see source), i.e. the request is disallowed. The origin check (as of ASP.NET Core 5.0) happens in a very simple way... i.e. case-sensitive ordinal string comparison (see source) between the strings you provided via WithOrigins() and what exists in HttpContext.Request.Headers[Origin]. CORS can fail if you set an allowed origin with a trailing slash /, or if it contains uppercase letters. (In my case I did in fact accidentally copy the host with a trailing slash.)
对于“c# - ASP Net Core Web API (Net Core 3.1 LTS)”,它为我工作…
在Startup.cs文件:
在“ConfigureServices”函数中添加以下代码:
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader());
});
注意:在“CorsPolicy”的情况下,你可以改变你喜欢的或在“Startup”类中使用全局变量。
在“Configure”函数中添加以下代码:
app.UseCors("CorsPolicy");
检查函数的调用顺序,它应该是这样的:
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseCors("CorsPolicy");
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
最后,在你的控制器类中,将下面的代码添加到你的函数之上:
[EnableCors("CorsPolicy")]
例如:
[EnableCors("CorsPolicy")]
[HttpPost("UserLoginWithGoogle")]
public async Task<ActionResult<Result>> UserLoginWithGoogle([FromBody] TokenUser tokenUser)
{
Result result = await usersGoogleHW.UserLoginWithGoogle(tokenUser.Token);
return new JsonResult(result);
}
注意:“CorsPolicy”必须在启动和控制器中匹配。
祝你好运……
对于Web API(ASP。Net core 6.0) 在Program.cs中,只需在builder.Build()之前添加;
builder.Services.AddCors(p => p.AddPolicy("corsapp", builder =>
{
builder.WithOrigins("*").AllowAnyMethod().AllowAnyHeader();
}));
也添加
app.UseCors("corsapp");
ASP。NET Core 6:
var MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddCors(options =>
{
options.AddPolicy(name: MyAllowSpecificOrigins,
builder =>
{
builder.WithOrigins("http://example.com",
"http://www.contoso.com");
});
});
// services.AddResponseCaching();
builder.Services.AddControllers();
var app = builder.Build();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseCors(MyAllowSpecificOrigins);
app.UseAuthorization();
app.MapControllers();
app.Run();
更多样品请参考官方文档。
ASP。NET Core 3.1和5.0:
你必须在应用程序启动时在ConfigureServices方法中配置CORS策略:
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(o => o.AddPolicy("MyPolicy", builder =>
{
builder.WithOrigins("http://example.com")
.AllowAnyMethod()
.AllowAnyHeader();
}));
// ...
}
builder中的CorsPolicyBuilder允许您根据需要配置策略。你现在可以使用这个名字将策略应用到控制器和动作上:
[EnableCors("MyPolicy")]
或者把它应用到每一个请求上:
public void Configure(IApplicationBuilder app)
{
app.UseCors("MyPolicy");
// ...
// This should always be called last to ensure that
// middleware is registered in the correct order.
app.UseMvc();
}
