.NET Core中的CORS

编程入门行业动态更新时间:2024-10-24 10:27:40

本文介绍了.NET Core中的CORS的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！问题描述

我试图以这种方式在.NET Core中启用CORS：

I am trying to enable CORS in .NET Core in this way:

public IConfigurationRoot Configuration { get; } public void ConfigureServices(IServiceCollection services) { services.AddCors(options => options.AddPolicy("AllowAll", p => p.AllowAnyOrigin() .AllowAnyMethod() .AllowAnyHeader())); services.AddMvc(); } public void Configure(IApplicationBuilder app) { app.UseCors("AllowAll"); app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); }); } }

但是，当我发送使用Angular 2对我的应用程序的请求我得到了著名的

However, when I am sending a request to my app with Angular 2 I am getting the famous

没有'Access-Control-Allow-Origin'标头存在请求的资源。

"No 'Access-Control-Allow-Origin' header is present on the requested resource."

错误消息。

I我也使用Windows身份验证+ WebListener。如果我要与邮递员联系，则唯一的响应标头是：

I am also using Windows Authentication + WebListener. If I am checking with postman the only response headers are:

Content-Length→3533 Content-Type →application / json; charset = utf-8 日期→2016年10月14日星期五12:17:57 GMT服务器→Microsoft-HTTPAPI / 2.0

Content-Length →3533 Content-Type →application/json; charset=utf-8 Date →Fri, 14 Oct 2016 12:17:57 GMT Server →Microsoft-HTTPAPI/2.0

因此仍然必须配置一些错误。有建议吗？

So there must be still something wrong configured. Any proposals?

如果我删除了注释过的行，则可以，但是我需要Windows身份验证：-（

If I remove the outcommented line it works, but I need Windows Authentication :-(

var host = new WebHostBuilder() .UseWebListener() .UseContentRoot(Directory.GetCurrentDirectory()) .UseIISIntegration() .UseStartup<Startup>() //.UseWebListener(options => options.Listener.AuthenticationManager.AuthenticationSchemes = AuthenticationSchemes.NTLM) .Build();

推荐答案

假设您已回答问题，但出于对搜索者的利益，我对该标准也遇到了同样的问题 .NET Core Cors 上的教程。

Assume you have the answer, but for the benefit of searchers, I had the same problem with the standard tutorial on .NET Core Cors.

遇到的许多错误之一：

XMLHttpRequest无法加载localhost：64633 / api / blogs。响应到预检请求不会结束s的访问控制检查：所请求的资源上没有 Access-Control-Allow-Origin标头。因此，不允许访问原始地址 localhost：56573。响应的HTTP状态代码为500。

XMLHttpRequest cannot load localhost:64633/api/blogs. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'localhost:56573' is therefore not allowed access. The response had HTTP status code 500.

在玩了之后，以下代码起作用了。

After playing around, the following code worked. Full class posted below to aid understanding of what goes where.

using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Logging; using Microsoft.EntityFrameworkCore; using Microsoft.AspNetCore.Cors.Infrastructure; namespace NetCoreWebApiTesting { public class Startup { public Startup(IHostingEnvironment env) { var builder = new ConfigurationBuilder() .SetBasePath(env.ContentRootPath) .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true) .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true); if (env.IsEnvironment("Development")) { // This will push telemetry data through Application Insights pipeline faster, allowing you to view results immediately. builder.AddApplicationInsightsSettings(developerMode: true); } builder.AddEnvironmentVariables(); Configuration = builder.Build(); } public IConfigurationRoot Configuration { get; } // This method gets called by the runtime. Use this method to add services to the container public void ConfigureServices(IServiceCollection services) { // Add framework services. services.AddApplicationInsightsTelemetry(Configuration); services.AddMvc().AddJsonOptions(options => options.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore); // ******************** // Setup CORS // ******************** var corsBuilder = new CorsPolicyBuilder(); corsBuilder.AllowAnyHeader(); corsBuilder.AllowAnyMethod(); corsBuilder.AllowAnyOrigin(); // For anyone access. //corsBuilder.WithOrigins("localhost:56573"); // for a specific url. Don't add a forward slash on the end! corsBuilder.AllowCredentials(); services.AddCors(options => { options.AddPolicy("SiteCorsPolicy", corsBuilder.Build()); }); } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { loggerFactory.AddConsole(Configuration.GetSection("Logging")); loggerFactory.AddDebug(); app.UseApplicationInsightsRequestTelemetry(); app.UseApplicationInsightsExceptionTelemetry(); app.UseMvc(); // ******************** // USE CORS - might not be required. // ******************** app.UseCors("SiteCorsPolicy"); } } }

要使用它，您可以添加 EnableCorsAttribute 在控制器或方法上。例如

To use it you can add the EnableCorsAttribute either on the controller or on the method. e.g.

[EnableCors("SiteCorsPolicy")] [Route("api/[controller]")] public class BlogsController : Controller { }

或

// POST api/value [EnableCors("SiteCorsPolicy")] [HttpPost] public HttpResponseMessage Post([FromBody]Blog value) { // Do something with the blog here.... var msg = new HttpResponseMessage(System.Net.HttpStatusCode.OK); return msg; }

当我使用以下代码调用此代码时（使用标准js / jQuery，以便于复制和粘贴），通讯不再被拒绝。

When I called this using the following code (using standard js/jQuery for easy of copy and paste), the communication stopped being rejected.

更多推荐

.NET Core中的CORS

本文发布于:2023-11-10 09:35:47，感谢您对本站的认可！

本文链接:https://www.elefans.com/category/jswz/34/1575016.html