return Challenge() 被 CORB 阻止(ASP.NET 核心)
return Challenge() blocked by CORB (ASP.NET Core)
我已经建立了一个 ASP.NET 具有 Microsoft.AspNetCore.Identity 和外部登录的核心网站,以及一个 Angular 8 前端。
这基本上是我控制器中的代码:
[Controller]
[Route("web/[controller]")]
public class AccountController : Controller
{
// GET: web/Account/connect/{provider}
[AllowAnonymous]
[HttpGet("connect/{provider}", Name = "web-account-external-connect-challenge")]
public async Task<ActionResult> ExternalLogin(string provider)
{
var redirectUrl = Url.Action(nameof(ExternalLoginCallback), "Account", new { provider });
var properties = signin_manager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
return Challenge(properties, provider);
}
// GET: web/Account/connect/{provider}/callback
[HttpGet("connect/{provider}/callback", Name = "web-account-external-connect-callback")]
public async Task<ActionResult> ExternalLoginCallback([FromRoute]string provider)
{
...
}
}
因此,当访问 /web/Account/connect/Facebook 时,您应该会看到 Facebook 登录页面。成功登录后,FB 将重定向到 ExternalLoginCallback,应用程序将处理登录(创建帐户、登录)。
现在看来我中了 CORB(以前从未听说过)。我知道 CORS,但 CORB 对我来说是新的。
您可以一窥动作here。
- 请开一个访客window(以免自动登录)
- 按 F12 打开开发者工具
- 导航到 https://mintplayer.com/account/login
- 点击社交登录按钮,出现弹出窗口,但带有 angular 应用程序的 404 页面(这也具有误导性)
- 按 F12 打开弹出窗口的开发者工具
- 出现以下信息
Cross-Origin Read Blocking (CORB) blocked cross-origin response
https://www.facebook.com/login.php?skip_api_login=1&api_key=...&kid_directed_site=0&app_id=...&signed_next=1&next=...&display=page&locale=nl_NL&pl_dbl=0
with MIME type text/html. See
https://www.chromestatus.com/feature/5629709824032768 for more
details.
应用程序始终显示 NotFoundComponent,但只有在按下 ctrl+F5(缓存清除)后,Facebook 登录页面才会出现。现在缓存清除与它无关,问题肯定是CORB。
return Challenge() 似乎立即从 Facebook 渲染登录页面,我自己没有 iframe URL。
我不知道该如何解决这个问题。我是否应该在响应中添加 Access-Control-Allow-Origin header 以允许我的应用程序 load/redirect 到 Facebook/Twitter/Google/Microsoft 登录页面?但我不打算肯定地允许所有来源...
PS。它在 localhost/development.
上工作得很好
信息:
版本信息:
- ASP.NET核心:3.1
- Microsoft.AspNetCore.Identity.EntityFrameworkCore: 3.1.1
- Microsoft.AspNetCore.Authentication.MicrosoftAccount: 3.1.1
- @angular/core: ~8.1.1
- @angular/pwa:^0.803.23
编辑:
好的,当我尝试浏览我的站点地图时:https://mintplayer.com/Sitemap 我得到了相同的结果,相同的行为和以下控制台警告:
Resource interpreted as Stylesheet but transferred with MIME type
application/xml: "https://mintplayer.com/assets/sitemap.xsl".
好的,经过一番挖掘,请求的资源(在我的例子中是 /web/Account/connect/Facebook、...、/signin-facebook、...和 /Sitemap)似乎在事实上被我的 serviceworker 缓存了。我像这样更新了我的 ngsw-config.json:
{
"$schema": "./node_modules/@angular/service-worker/config/schema.json",
"index": "/index.html",
"version": 6,
"assetGroups": [
...
],
"dataGroups": [
{
/* /web/... can be cached, /web/Account/... cannot */
"name": "web",
"urls": [ "/web", "!/web/Account" ],
"cacheConfig": {
"maxSize": 20,
"maxAge": "1d",
"strategy": "freshness"
}
},
{
/* /web/Account/... cannot be cached */
"name": "account",
"urls": [ "/web/Account" ],
"cacheConfig": {
"maxSize": 0,
"maxAge": "0u",
"strategy": "freshness"
}
},
{
/* /signin-** (defined by Identity) cannot be cached */
"name": "external-callback",
"urls": [ "/signin-microsoft", "/signin-google", "/signin-facebook", "/signin-twitter" ],
"cacheConfig": {
"maxSize": 0,
"maxAge": "0u",
"strategy": "freshness"
}
},
{
/* /Sitemap cannot be cached */
"name": "sitemap",
"urls": [ "/Sitemap" ],
"cacheConfig": {
"maxSize": 0,
"maxAge": "0u",
"strategy": "freshness"
}
}
],
"cacheConfig": {
"strategy": "freshness"
}
}
我已经建立了一个 ASP.NET 具有 Microsoft.AspNetCore.Identity 和外部登录的核心网站,以及一个 Angular 8 前端。 这基本上是我控制器中的代码:
[Controller]
[Route("web/[controller]")]
public class AccountController : Controller
{
// GET: web/Account/connect/{provider}
[AllowAnonymous]
[HttpGet("connect/{provider}", Name = "web-account-external-connect-challenge")]
public async Task<ActionResult> ExternalLogin(string provider)
{
var redirectUrl = Url.Action(nameof(ExternalLoginCallback), "Account", new { provider });
var properties = signin_manager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
return Challenge(properties, provider);
}
// GET: web/Account/connect/{provider}/callback
[HttpGet("connect/{provider}/callback", Name = "web-account-external-connect-callback")]
public async Task<ActionResult> ExternalLoginCallback([FromRoute]string provider)
{
...
}
}
因此,当访问 /web/Account/connect/Facebook 时,您应该会看到 Facebook 登录页面。成功登录后,FB 将重定向到 ExternalLoginCallback,应用程序将处理登录(创建帐户、登录)。
现在看来我中了 CORB(以前从未听说过)。我知道 CORS,但 CORB 对我来说是新的。
您可以一窥动作here。
- 请开一个访客window(以免自动登录)
- 按 F12 打开开发者工具
- 导航到 https://mintplayer.com/account/login
- 点击社交登录按钮,出现弹出窗口,但带有 angular 应用程序的 404 页面(这也具有误导性)
- 按 F12 打开弹出窗口的开发者工具
- 出现以下信息
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.facebook.com/login.php?skip_api_login=1&api_key=...&kid_directed_site=0&app_id=...&signed_next=1&next=...&display=page&locale=nl_NL&pl_dbl=0 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
应用程序始终显示 NotFoundComponent,但只有在按下 ctrl+F5(缓存清除)后,Facebook 登录页面才会出现。现在缓存清除与它无关,问题肯定是CORB。
return Challenge() 似乎立即从 Facebook 渲染登录页面,我自己没有 iframe URL。
我不知道该如何解决这个问题。我是否应该在响应中添加 Access-Control-Allow-Origin header 以允许我的应用程序 load/redirect 到 Facebook/Twitter/Google/Microsoft 登录页面?但我不打算肯定地允许所有来源...
PS。它在 localhost/development.
上工作得很好信息:
版本信息:
- ASP.NET核心:3.1
- Microsoft.AspNetCore.Identity.EntityFrameworkCore: 3.1.1
- Microsoft.AspNetCore.Authentication.MicrosoftAccount: 3.1.1
- @angular/core: ~8.1.1
- @angular/pwa:^0.803.23
编辑:
好的,当我尝试浏览我的站点地图时:https://mintplayer.com/Sitemap 我得到了相同的结果,相同的行为和以下控制台警告:
Resource interpreted as Stylesheet but transferred with MIME type application/xml: "https://mintplayer.com/assets/sitemap.xsl".
好的,经过一番挖掘,请求的资源(在我的例子中是 /web/Account/connect/Facebook、...、/signin-facebook、...和 /Sitemap)似乎在事实上被我的 serviceworker 缓存了。我像这样更新了我的 ngsw-config.json:
{
"$schema": "./node_modules/@angular/service-worker/config/schema.json",
"index": "/index.html",
"version": 6,
"assetGroups": [
...
],
"dataGroups": [
{
/* /web/... can be cached, /web/Account/... cannot */
"name": "web",
"urls": [ "/web", "!/web/Account" ],
"cacheConfig": {
"maxSize": 20,
"maxAge": "1d",
"strategy": "freshness"
}
},
{
/* /web/Account/... cannot be cached */
"name": "account",
"urls": [ "/web/Account" ],
"cacheConfig": {
"maxSize": 0,
"maxAge": "0u",
"strategy": "freshness"
}
},
{
/* /signin-** (defined by Identity) cannot be cached */
"name": "external-callback",
"urls": [ "/signin-microsoft", "/signin-google", "/signin-facebook", "/signin-twitter" ],
"cacheConfig": {
"maxSize": 0,
"maxAge": "0u",
"strategy": "freshness"
}
},
{
/* /Sitemap cannot be cached */
"name": "sitemap",
"urls": [ "/Sitemap" ],
"cacheConfig": {
"maxSize": 0,
"maxAge": "0u",
"strategy": "freshness"
}
}
],
"cacheConfig": {
"strategy": "freshness"
}
}