return Challenge() 被 CORB 阻止(ASP.NET 核心)

return Challenge() blocked by CORB (ASP.NET Core)

我已经建立了一个 ASP.NET 具有 Microsoft.AspNetCore.Identity 和外部登录的核心网站,以及一个 Angular 8 前端。 这基本上是我控制器中的代码:

[Controller]
[Route("web/[controller]")]
public class AccountController : Controller
{
    // GET: web/Account/connect/{provider}
    [AllowAnonymous]
    [HttpGet("connect/{provider}", Name = "web-account-external-connect-challenge")]
    public async Task<ActionResult> ExternalLogin(string provider)
    {
        var redirectUrl = Url.Action(nameof(ExternalLoginCallback), "Account", new { provider });
        var properties = signin_manager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
        return Challenge(properties, provider);
    }

    // GET: web/Account/connect/{provider}/callback
    [HttpGet("connect/{provider}/callback", Name = "web-account-external-connect-callback")]
    public async Task<ActionResult> ExternalLoginCallback([FromRoute]string provider)
    {
        ...
    }
}

因此,当访问 /web/Account/connect/Facebook 时,您应该会看到 Facebook 登录页面。成功登录后,FB 将重定向到 ExternalLoginCallback,应用程序将处理登录(创建帐户、登录)。

现在看来我中了 CORB(以前从未听说过)。我知道 CORS,但 CORB 对我来说是新的。

您可以一窥动作here

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.facebook.com/login.php?skip_api_login=1&api_key=...&kid_directed_site=0&app_id=...&signed_next=1&next=...&display=page&locale=nl_NL&pl_dbl=0 with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.

应用程序始终显示 NotFoundComponent,但只有在按下 ctrl+F5(缓存清除)后,Facebook 登录页面才会出现。现在缓存清除与它无关,问题肯定是CORB。

return Challenge() 似乎立即从 Facebook 渲染登录页面,我自己没有 iframe URL。

我不知道该如何解决这个问题。我是否应该在响应中添加 Access-Control-Allow-Origin header 以允许我的应用程序 load/redirect 到 Facebook/Twitter/Google/Microsoft 登录页面?但我不打算肯定地允许所有来源...

PS。它在 localhost/development.

上工作得很好

信息:

版本信息:

编辑:

好的,当我尝试浏览我的站点地图时:https://mintplayer.com/Sitemap 我得到了相同的结果,相同的行为和以下控制台警告:

Resource interpreted as Stylesheet but transferred with MIME type application/xml: "https://mintplayer.com/assets/sitemap.xsl".

好的,经过一番挖掘,请求的资源(在我的例子中是 /web/Account/connect/Facebook、...、/signin-facebook、...和 ​​/Sitemap)似乎在事实上被我的 serviceworker 缓存了。我像这样更新了我的 ngsw-config.json:

{
  "$schema": "./node_modules/@angular/service-worker/config/schema.json",
  "index": "/index.html",
  "version": 6,
  "assetGroups": [
    ...
  ],
  "dataGroups": [
    {
      /* /web/... can be cached, /web/Account/... cannot */
      "name": "web",
      "urls": [ "/web", "!/web/Account" ],
      "cacheConfig": {
        "maxSize": 20,
        "maxAge": "1d",
        "strategy": "freshness"
      }
    },
    {
      /* /web/Account/... cannot be cached */
      "name": "account",
      "urls": [ "/web/Account" ],
      "cacheConfig": {
        "maxSize": 0,
        "maxAge": "0u",
        "strategy": "freshness"
      }
    },
    {
      /* /signin-** (defined by Identity) cannot be cached */
      "name": "external-callback",
      "urls": [ "/signin-microsoft", "/signin-google", "/signin-facebook", "/signin-twitter" ],
      "cacheConfig": {
        "maxSize": 0,
        "maxAge": "0u",
        "strategy": "freshness"
      }
    },
    {
      /* /Sitemap cannot be cached */
      "name": "sitemap",
      "urls": [ "/Sitemap" ],
      "cacheConfig": {
        "maxSize": 0,
        "maxAge": "0u",
        "strategy": "freshness"
      }
    }
  ],
  "cacheConfig": {
    "strategy": "freshness"
  }
}