CORS 策略 - 对预检请求的响应
CORS policy - response to preflight request
我正在我的 .NET Core 3.1 网络应用程序中设置 CORS 策略,但我收到一条错误消息
Access to XMLHttpRequest at 'http://10.10.100.60/api/api/values/getmyorders?toOrder=false&uId=8c3d745b-78b7-47ed-ac93-310fe61b8daf' from origin 'http://10.10.100.66:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
我以前从未遇到过这种预检错误。
这是我的 Startup 的样子
public void ConfigureServices(IServiceCollection services)
{
//code shortened for brevity
services.AddCors();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddProvider(new Log4NetProvider("log4net.config", true));
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseCors(x => x
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc();
}
我也尝试使用其他 CORS 方法,例如带有命名策略和中间件的 CORS 以及默认策略,但我仍然遇到相同的预检错误。对我如何进行有什么建议吗?
这是几个小时后对我有用的方法。
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("AllowAllHeaders",
builder =>
{
builder.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod();
});
});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
app.UseCors("AllowAllHeaders");
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc();
}
我现在只使用 AllowAnyOrigin()、AllowAnyHeader() 和 AllowAnyMethod()。我假设 AllowCredentials() 有问题。希望这个答案对以后的人有所帮助。
我正在我的 .NET Core 3.1 网络应用程序中设置 CORS 策略,但我收到一条错误消息
Access to XMLHttpRequest at 'http://10.10.100.60/api/api/values/getmyorders?toOrder=false&uId=8c3d745b-78b7-47ed-ac93-310fe61b8daf' from origin 'http://10.10.100.66:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
我以前从未遇到过这种预检错误。
这是我的 Startup 的样子
public void ConfigureServices(IServiceCollection services)
{
//code shortened for brevity
services.AddCors();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddProvider(new Log4NetProvider("log4net.config", true));
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseCors(x => x
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc();
}
我也尝试使用其他 CORS 方法,例如带有命名策略和中间件的 CORS 以及默认策略,但我仍然遇到相同的预检错误。对我如何进行有什么建议吗?
这是几个小时后对我有用的方法。
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("AllowAllHeaders",
builder =>
{
builder.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod();
});
});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
app.UseCors("AllowAllHeaders");
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc();
}
我现在只使用 AllowAnyOrigin()、AllowAnyHeader() 和 AllowAnyMethod()。我假设 AllowCredentials() 有问题。希望这个答案对以后的人有所帮助。