英文:
CORS problem after migrating ASP web api app from .netcore2.* to net6.0
问题
我们的代码在从netcore2.*升级到netcore3.0以及一直升级到net6.0的过程中遇到了问题。
根据MS文章的指南,我现在在我们的客户端应用程序中看到了这个错误:
从<url1>到<url2>的访问已被CORS策略阻止:请求的资源上没有'Access-Control-Allow-Origin'标头。如果不透明的响应满足您的需求,请将请求的模式设置为'no-cors',以禁用CORS获取资源。
是否有一种方法可以在进行身份验证的情况下实现通配符CORS?
新代码(net 6.0)
在 ConfigureServices 中:
services.AddCors();services.AddMvc(o => o.EnableEndpointRouting = false).AddNewtonsoftJson(options => { ... });
在 Configure 中:
app.UseCors(configurePolicy =>{configurePolicy.AllowAnyOrigin();configurePolicy.AllowAnyHeader();configurePolicy.AllowAnyMethod();//configurePolicy.AllowCredentials();});app.UseMiddleware<OptionsMiddleware>();app.UseMiddleware<BearerTokenMiddleware>();app.UseWebSockets();app.UseMvc();
旧代码(net 2.2)- 工作正常!
在 ConfigureServices 中:
services.AddCors();services.AddMvc().AddJsonOptions(options => { ... });
在 Configure 中:
app.UseCors(configurePolicy =>{configurePolicy.AllowAnyOrigin();configurePolicy.AllowAnyHeader();configurePolicy.AllowAnyMethod();configurePolicy.AllowCredentials();});app.UseMiddleware<OptionsMiddleware>();app.UseMiddleware<BearerTokenMiddleware>();app.UseWebSockets();app.UseMvc();
请注意上述 AddMvc 的更改以及在 UseCors 中注释掉 AllowCredentials 的需要。
项目类型为 Microsoft.NET.Sdk.Web。
英文:
Our code is falling foul of changes made during the upgrade from netcore2.* to netcore3.0 during our upgrade all the way to net6.0.
Following the guidlelines from the MS Article mean I now see this error in our client application:
Access to fetch at <url1> from origin <url2> has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Is there a way to achieve wildcard CORS with authentication?
NEW code (net 6.0)
In ConfigureServices:
services.AddCors();services.AddMvc(o => o.EnableEndpointRouting = false).AddNewtonsoftJson(options => { ... });
In Configure:
app.UseCors(configurePolicy =>{configurePolicy.AllowAnyOrigin();configurePolicy.AllowAnyHeader();configurePolicy.AllowAnyMethod();//configurePolicy.AllowCredentials();});app.UseMiddleware<OptionsMiddleware>();app.UseMiddleware<BearerTokenMiddleware>();app.UseWebSockets();app.UseMvc();
OLD code (net 2.2) - working!
In ConfigureServices:
services.AddCors();services.AddMvc().AddJsonOptions(options => { ... });
In Configure:
app.UseCors(configurePolicy =>{configurePolicy.AllowAnyOrigin();configurePolicy.AllowAnyHeader();configurePolicy.AllowAnyMethod();configurePolicy.AllowCredentials();});app.UseMiddleware<OptionsMiddleware>();app.UseMiddleware<BearerTokenMiddleware>();app.UseWebSockets();app.UseMvc();
Note the AddMvc changes above and the need to comment out AllowCredentials in UseCors.
Project type is Microsoft.NET.Sdk.Web.
答案1
得分: 1
我使用的代码是
app.UseRouting();app.UseCors(x => x.AllowAnyMethod().AllowAnyHeader().SetIsOriginAllowed(origin => true) // 允许任何来源.AllowCredentials()); // 允许凭据
应该像这样工作 
英文:
The code I use is
app.UseRouting();app.UseCors(x => x.AllowAnyMethod().AllowAnyHeader().SetIsOriginAllowed(origin => true) // allow any origin.AllowCredentials()); // allow credentials
It should work like this
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论