对 XMLHttpRequest 的访问已被 https 重定向中的 CORS 策略阻止,除非我清理浏览器
Access to XMLHttpRequest has been blocked by CORS policy in https redirect unless I clean browser
我有一个 angular + .net core 2.1 应用程序。仅使用 http 时效果很好,现在我想重定向到 https。
但是每次我启动应用程序登录时都出现错误
Access to XMLHttpRequest at ’https://appgee.mycompany.com:5001/’ from
origin ’https://app.mysite.com:5001’ has been blocked by CORS policy:
The ‘Access-Control-Allow-Origin’ header has a value
’https://app.mysite.com:5001’ that is not equal to the supplied origin
如果我清理浏览器数据,错误就消失了。但这对用户来说是不方便的。
我在 .net 核心中的代码:
services.AddCors(o => o.AddPolicy("CorsPolicy", builder => {
builder
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials()
.AllowAnyOrigin();
}));
app.UseHttpsRedirection();
我使用 apigee 进行身份验证,在 angular 我将请求 header 设置为 api 请求 apigee 作为(在拦截器中):
SetHeaders: {
Authorization: 'Bearer $ {token.access_token}',
'Access-Control-Allow-Origin': '*',
你看我已经在前端和后端都允许 origin 了。但为什么会这样?
更新:
我拥有的 Apigee 目标端点
<HTTPTargetConnection>
<Properties/>
<URL>http://app.mysite.com:5001</URL>
</HTTPTargetConnection>
app.UseCors("CorsPolicy");
根据 https://weblog.west-wind.com/posts/2016/sep/26/aspnet-core-and-cors-gotchas
的讨论
@Kristian - the middleware order definitely matters, although you may be right that it has the important order is in the Configure() method, not ConfigureServices(). To be safe I make sure I have the CORS definition before MVC in both places. Checking now to see which one actually matters, or not at all. Several references mention this explicitly.
所以我把 UseCors 放在方法的第一行。
我有一个 angular + .net core 2.1 应用程序。仅使用 http 时效果很好,现在我想重定向到 https。 但是每次我启动应用程序登录时都出现错误
Access to XMLHttpRequest at ’https://appgee.mycompany.com:5001/’ from origin ’https://app.mysite.com:5001’ has been blocked by CORS policy: The ‘Access-Control-Allow-Origin’ header has a value ’https://app.mysite.com:5001’ that is not equal to the supplied origin
如果我清理浏览器数据,错误就消失了。但这对用户来说是不方便的。 我在 .net 核心中的代码:
services.AddCors(o => o.AddPolicy("CorsPolicy", builder => {
builder
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials()
.AllowAnyOrigin();
}));
app.UseHttpsRedirection();
我使用 apigee 进行身份验证,在 angular 我将请求 header 设置为 api 请求 apigee 作为(在拦截器中):
SetHeaders: {
Authorization: 'Bearer $ {token.access_token}',
'Access-Control-Allow-Origin': '*',
你看我已经在前端和后端都允许 origin 了。但为什么会这样?
更新:
我拥有的 Apigee 目标端点
<HTTPTargetConnection>
<Properties/>
<URL>http://app.mysite.com:5001</URL>
</HTTPTargetConnection>
app.UseCors("CorsPolicy");
根据 https://weblog.west-wind.com/posts/2016/sep/26/aspnet-core-and-cors-gotchas
的讨论@Kristian - the middleware order definitely matters, although you may be right that it has the important order is in the Configure() method, not ConfigureServices(). To be safe I make sure I have the CORS definition before MVC in both places. Checking now to see which one actually matters, or not at all. Several references mention this explicitly.
所以我把 UseCors 放在方法的第一行。