英文:
CORS problem after migrating ASP web api app from .netcore2.* to net6.0
问题
我们的代码在从netcore2.*升级到netcore3.0以及一直升级到net6.0的过程中遇到了问题。
根据MS文章的指南,我现在在我们的客户端应用程序中看到了这个错误:
从<url1>到<url2>的访问已被CORS策略阻止:请求的资源上没有'Access-Control-Allow-Origin'标头。如果不透明的响应满足您的需求,请将请求的模式设置为'no-cors',以禁用CORS获取资源。
是否有一种方法可以在进行身份验证的情况下实现通配符CORS?
新代码(net 6.0)
在 ConfigureServices
中:
services.AddCors();
services.AddMvc(o => o.EnableEndpointRouting = false)
.AddNewtonsoftJson(options => { ... });
在 Configure
中:
app.UseCors(configurePolicy =>
{
configurePolicy.AllowAnyOrigin();
configurePolicy.AllowAnyHeader();
configurePolicy.AllowAnyMethod();
//configurePolicy.AllowCredentials();
});
app.UseMiddleware<OptionsMiddleware>();
app.UseMiddleware<BearerTokenMiddleware>();
app.UseWebSockets();
app.UseMvc();
旧代码(net 2.2)- 工作正常!
在 ConfigureServices
中:
services.AddCors();
services.AddMvc()
.AddJsonOptions(options => { ... });
在 Configure
中:
app.UseCors(configurePolicy =>
{
configurePolicy.AllowAnyOrigin();
configurePolicy.AllowAnyHeader();
configurePolicy.AllowAnyMethod();
configurePolicy.AllowCredentials();
});
app.UseMiddleware<OptionsMiddleware>();
app.UseMiddleware<BearerTokenMiddleware>();
app.UseWebSockets();
app.UseMvc();
请注意上述 AddMvc
的更改以及在 UseCors
中注释掉 AllowCredentials
的需要。
项目类型为 Microsoft.NET.Sdk.Web
。
英文:
Our code is falling foul of changes made during the upgrade from netcore2.* to netcore3.0 during our upgrade all the way to net6.0.
Following the guidlelines from the MS Article mean I now see this error in our client application:
Access to fetch at <url1> from origin <url2> has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Is there a way to achieve wildcard CORS with authentication?
NEW code (net 6.0)
In ConfigureServices
:
services.AddCors();
services.AddMvc(o => o.EnableEndpointRouting = false)
.AddNewtonsoftJson(options => { ... });
In Configure
:
app.UseCors(configurePolicy =>
{
configurePolicy.AllowAnyOrigin();
configurePolicy.AllowAnyHeader();
configurePolicy.AllowAnyMethod();
//configurePolicy.AllowCredentials();
});
app.UseMiddleware<OptionsMiddleware>();
app.UseMiddleware<BearerTokenMiddleware>();
app.UseWebSockets();
app.UseMvc();
OLD code (net 2.2) - working!
In ConfigureServices
:
services.AddCors();
services.AddMvc()
.AddJsonOptions(options => { ... });
In Configure
:
app.UseCors(configurePolicy =>
{
configurePolicy.AllowAnyOrigin();
configurePolicy.AllowAnyHeader();
configurePolicy.AllowAnyMethod();
configurePolicy.AllowCredentials();
});
app.UseMiddleware<OptionsMiddleware>();
app.UseMiddleware<BearerTokenMiddleware>();
app.UseWebSockets();
app.UseMvc();
Note the AddMvc
changes above and the need to comment out AllowCredentials
in UseCors
.
Project type is Microsoft.NET.Sdk.Web
.
答案1
得分: 1
我使用的代码是
app.UseRouting();
app.UseCors(x => x
.AllowAnyMethod()
.AllowAnyHeader()
.SetIsOriginAllowed(origin => true) // 允许任何来源
.AllowCredentials()); // 允许凭据
应该像这样工作
英文:
The code I use is
app.UseRouting();
app.UseCors(x => x
.AllowAnyMethod()
.AllowAnyHeader()
.SetIsOriginAllowed(origin => true) // allow any origin
.AllowCredentials()); // allow credentials
It should work like this
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论