CORS problem after migrating ASP web api app from .netcore2.* to net6.0

huangapple go评论71阅读模式
英文:

CORS problem after migrating ASP web api app from .netcore2.* to net6.0

问题

我们的代码在从netcore2.*升级到netcore3.0以及一直升级到net6.0的过程中遇到了问题。

根据MS文章的指南,我现在在我们的客户端应用程序中看到了这个错误:

从<url1>到<url2>的访问已被CORS策略阻止:请求的资源上没有'Access-Control-Allow-Origin'标头。如果不透明的响应满足您的需求,请将请求的模式设置为'no-cors',以禁用CORS获取资源。

是否有一种方法可以在进行身份验证的情况下实现通配符CORS?

新代码(net 6.0)

ConfigureServices 中:

        services.AddCors();
        services.AddMvc(o => o.EnableEndpointRouting = false)
            .AddNewtonsoftJson(options => { ... });

Configure 中:

        app.UseCors(configurePolicy =>
        {
            configurePolicy.AllowAnyOrigin();
            configurePolicy.AllowAnyHeader();
            configurePolicy.AllowAnyMethod();
            //configurePolicy.AllowCredentials();  
        });

        app.UseMiddleware<OptionsMiddleware>();
        app.UseMiddleware<BearerTokenMiddleware>();

        app.UseWebSockets();
        app.UseMvc();

旧代码(net 2.2)- 工作正常!

ConfigureServices 中:

        services.AddCors();
        services.AddMvc()
            .AddJsonOptions(options => { ... });

Configure 中:

        app.UseCors(configurePolicy =>
        {
            configurePolicy.AllowAnyOrigin();
            configurePolicy.AllowAnyHeader();
            configurePolicy.AllowAnyMethod();
            configurePolicy.AllowCredentials();
        });

        app.UseMiddleware<OptionsMiddleware>();
        app.UseMiddleware<BearerTokenMiddleware>();

        app.UseWebSockets();
        app.UseMvc();

请注意上述 AddMvc 的更改以及在 UseCors 中注释掉 AllowCredentials 的需要。

项目类型为 Microsoft.NET.Sdk.Web

英文:

Our code is falling foul of changes made during the upgrade from netcore2.* to netcore3.0 during our upgrade all the way to net6.0.

Following the guidlelines from the MS Article mean I now see this error in our client application:

Access to fetch at &lt;url1&gt; from origin &lt;url2&gt; has been blocked by CORS policy: No &#39;Access-Control-Allow-Origin&#39; header is present on the requested resource. If an opaque response serves your needs, set the request&#39;s mode to &#39;no-cors&#39; to fetch the resource with CORS disabled.

Is there a way to achieve wildcard CORS with authentication?

NEW code (net 6.0)

In ConfigureServices:

        services.AddCors();
        services.AddMvc(o =&gt; o.EnableEndpointRouting = false)
            .AddNewtonsoftJson(options =&gt; { ... });

In Configure:

        app.UseCors(configurePolicy =&gt;
        {
            configurePolicy.AllowAnyOrigin();
            configurePolicy.AllowAnyHeader();
            configurePolicy.AllowAnyMethod();
            //configurePolicy.AllowCredentials();  
        });

        app.UseMiddleware&lt;OptionsMiddleware&gt;();
        app.UseMiddleware&lt;BearerTokenMiddleware&gt;();

        app.UseWebSockets();
        app.UseMvc();

OLD code (net 2.2) - working!

In ConfigureServices:

        services.AddCors();
        services.AddMvc()
            .AddJsonOptions(options =&gt; { ... });

In Configure:

        app.UseCors(configurePolicy =&gt;
        {
            configurePolicy.AllowAnyOrigin();
            configurePolicy.AllowAnyHeader();
            configurePolicy.AllowAnyMethod();
            configurePolicy.AllowCredentials();
        });

        app.UseMiddleware&lt;OptionsMiddleware&gt;();
        app.UseMiddleware&lt;BearerTokenMiddleware&gt;();

        app.UseWebSockets();
        app.UseMvc();

Note the AddMvc changes above and the need to comment out AllowCredentials in UseCors.

Project type is Microsoft.NET.Sdk.Web.

答案1

得分: 1

我使用的代码是

app.UseRouting();    
app.UseCors(x => x
                .AllowAnyMethod()
                .AllowAnyHeader()
                .SetIsOriginAllowed(origin => true) // 允许任何来源
                .AllowCredentials()); // 允许凭据

应该像这样工作 CORS problem after migrating ASP web api app from .netcore2.* to net6.0

英文:

The code I use is

app.UseRouting();    
app.UseCors(x =&gt; x
                .AllowAnyMethod()
                .AllowAnyHeader()
                .SetIsOriginAllowed(origin =&gt; true) // allow any origin
                .AllowCredentials()); // allow credentials

It should work like this CORS problem after migrating ASP web api app from .netcore2.* to net6.0

huangapple
  • 本文由 发表于 2023年1月9日 19:34:21
  • 转载请务必保留本文链接:https://go.coder-hub.com/75056686.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定