无法为 ASP.NET Core WebApp 中针对 netcoreapp3.0 的特定 API 控制器启用 CORS
Can't enable CORS for specific API controllers in ASP.NET Core WebApp targeting netcoreapp3.0
我正在尝试为 ASP.NET 核心应用程序中的特定 API 控制器启用 CORS。首先,我安装 NuGet 包,并将其添加到我的 .csproj:
<PackageReference Include="Microsoft.AspNetCore.Cors" Version="2.2.0" />
然后,我在 ConfigureServices 中添加以下内容:
services.AddCors(options => {
options.AddPolicy("AllowAll", builder => builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
});
之后,如果我在我的 Configure 中添加它,它会起作用:
app.UseCors("AllowAll");
但是,这会为所有控制器启用 CORS。我只想为 SessionApiController 启用它。如果我改为将 EnableCorsAttribute 添加到控制器:
[Route("api/session")]
[EnableCors("AllowAll")]
[ApiController]
public class SessionApiController : Controller {
[...]
[Route("init")]
public JsonResult InitSession() {
[...]
}
}
... 它不起作用,当我尝试访问 /api/session/init 端点 ("No 'Access-Control-Allow-Origin' header is present on the requested resource.") 时,Chrome 给我一个 CORS 错误。我在这里错过了什么?
考虑以下 ASP.NET 核心 WebApp:
App.csproj:
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>netcoreapp3.0</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Cors" Version="2.2.0" />
</ItemGroup>
</Project>
摘自Startup.cs:
public void ConfigureServices(IServiceCollection services) {
services.AddCors(options => {
options.AddPolicy("AllowAll", builder => builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
});
services.AddControllers();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
app.UseCors(); // Doesn't work
//app.UseCors("AllowAll"); // Works
if (env.IsDevelopment()) {
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints => {
endpoints.MapControllers();
});
}
从要应用 AllowAll 策略的控制器中提取:
[EnableCors("AllowAll")]
[ApiController]
[Route("[controller]")]
public class WeatherForecastController : ControllerBase
为了在其中正确应用 CORS,您需要将以下更改应用到代码中,如 migration MS docs 中所述:
- 删除 deprecated
Microsoft.AspNetCore.* packages,在您的情况下 Microsoft.AspNetCore.Cors。这导致您的 .csproj 看起来像:
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>netcoreapp3.0</TargetFramework>
</PropertyGroup>
</Project>
请仔细遵循 msdoc 中的 middleware migration advice,因为顺序很重要!。这导致 Startup#Configure 如下所示:
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseRouting();
// AFAIK in netcoreapp2.2 this was not required
// to use CORS with attributes.
// This is now required, as otherwise a runtime exception is thrown
// UseCors applies a global CORS policy, when no policy name is given
// the default CORS policy is applied
app.UseCors();
if (env.IsDevelopment()) {
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
app.UseAuthorization();
app.UseEndpoints(endpoints => {
endpoints.MapControllers();
});
}
我正在尝试为 ASP.NET 核心应用程序中的特定 API 控制器启用 CORS。首先,我安装 NuGet 包,并将其添加到我的 .csproj:
<PackageReference Include="Microsoft.AspNetCore.Cors" Version="2.2.0" />
然后,我在 ConfigureServices 中添加以下内容:
services.AddCors(options => {
options.AddPolicy("AllowAll", builder => builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
});
之后,如果我在我的 Configure 中添加它,它会起作用:
app.UseCors("AllowAll");
但是,这会为所有控制器启用 CORS。我只想为 SessionApiController 启用它。如果我改为将 EnableCorsAttribute 添加到控制器:
[Route("api/session")]
[EnableCors("AllowAll")]
[ApiController]
public class SessionApiController : Controller {
[...]
[Route("init")]
public JsonResult InitSession() {
[...]
}
}
... 它不起作用,当我尝试访问 /api/session/init 端点 ("No 'Access-Control-Allow-Origin' header is present on the requested resource.") 时,Chrome 给我一个 CORS 错误。我在这里错过了什么?
考虑以下 ASP.NET 核心 WebApp:
App.csproj:
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>netcoreapp3.0</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Cors" Version="2.2.0" />
</ItemGroup>
</Project>
摘自Startup.cs:
public void ConfigureServices(IServiceCollection services) {
services.AddCors(options => {
options.AddPolicy("AllowAll", builder => builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
});
services.AddControllers();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
app.UseCors(); // Doesn't work
//app.UseCors("AllowAll"); // Works
if (env.IsDevelopment()) {
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints => {
endpoints.MapControllers();
});
}
从要应用 AllowAll 策略的控制器中提取:
[EnableCors("AllowAll")]
[ApiController]
[Route("[controller]")]
public class WeatherForecastController : ControllerBase
为了在其中正确应用 CORS,您需要将以下更改应用到代码中,如 migration MS docs 中所述:
- 删除 deprecated
Microsoft.AspNetCore.*packages,在您的情况下Microsoft.AspNetCore.Cors。这导致您的.csproj看起来像:
<Project Sdk="Microsoft.NET.Sdk.Web"> <PropertyGroup> <TargetFramework>netcoreapp3.0</TargetFramework> </PropertyGroup> </Project>
请仔细遵循 msdoc 中的 middleware migration advice,因为顺序很重要!。这导致
Startup#Configure如下所示:public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { app.UseRouting(); // AFAIK in netcoreapp2.2 this was not required // to use CORS with attributes. // This is now required, as otherwise a runtime exception is thrown // UseCors applies a global CORS policy, when no policy name is given // the default CORS policy is applied app.UseCors(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseHttpsRedirection(); app.UseAuthorization(); app.UseEndpoints(endpoints => { endpoints.MapControllers(); }); }