[英]Access-Control-Allow-Origin appearing twice on header request ASP.NET Web API
One one of my ASP.NET Web API controllers.我的 ASP.NET Web API 控制器之一。 I am getting the following error returned on my client application:
我的客户端应用程序返回以下错误:
Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.
对预检请求的响应未通过访问控制检查:“Access-Control-Allow-Origin”标头包含多个值“*、*”,但只允许一个。 Origin ' http://localhost:8100 ' is therefore not allowed access.
因此,不允许访问源“ http://localhost:8100 ”。
I recognise that this error occurs because the header contains multiple values.我认识到发生此错误是因为标头包含多个值。 I can see this in the 'Response Headers' when the call is made to the API via Chrome, it looks like this:
当通过 Chrome 调用 API 时,我可以在“响应标头”中看到这一点,如下所示:
HTTP/1.1 200 OK
HTTP/1.1 200 正常
Cache-Control: no-cache
缓存控制:无缓存
Content-Length: 0
内容长度:0
Server: Microsoft-IIS/8.0
服务器:Microsoft-IIS/8.0
Access-Control-Allow-Methods: GET, POST
访问控制允许方法:GET、POST
Access-Control-Allow-Origin: *
访问控制允许来源:*
Access-Control-Allow-Headers: Content-Type, Accept, Pragma, Cache-Control, Authorization
Access-Control-Allow-Headers:Content-Type、Accept、Pragma、Cache-Control、Authorization
Access-Control-Max-Age: 1728000
访问控制最大年龄:1728000
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
访问控制允许来源:*
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE
访问控制允许方法:GET、POST、OPTIONS、PUT、DELETE
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Headers:Origin、X-Requested-With、Content-Type、Accept、Authorization
Set-Cookie: ARRAffinity=ef9b3770b61f10f9696b0dedcb39a7f47a83c0e4d6cdbf367f3149482592ef06;Path=/;HttpOnly;Domain=seirse.azurewebsites.net
设置 Cookie:ARRAffinity=ef9b3770b61f10f9696b0dedcb39a7f47a83c0e4d6cdbf367f3149482592ef06;Path=/;HttpOnly;Domain=seirse.azurewebsites.net
As you can see, it's clearly there twice.如您所见,它显然存在两次。
The problem I have is that the only place I have enabled CORS is via the web.config in my application, eg我遇到的问题是我启用 CORS 的唯一地方是通过我的应用程序中的 web.config,例如
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET, POST, OPTIONS, PUT, DELETE" />
<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept, Authorization" />
</customHeaders>
</httpProtocol>
I have made 100% sure that I have not enabled CORS via Startup.cs nor in the controller either.我已经 100% 确定我没有通过 Startup.cs 或在控制器中启用 CORS。
There is nothing out of the ordinary with the controller as far as I can see:据我所知,控制器没有什么不寻常的地方:
// GET: api/Address/all
[HttpGet]
public AddressResultModel All()
{
try
{
var userId = _accountService.GetUserId(Request);
return _customerRepository.GetAddresses(userId);
}
catch (Exception)
{
return null;
}
}
Any ideas what the problem might be?任何想法可能是什么问题?
It turned out I had code inside my Global.asax.cs which was adding headers to the response for OPTIONS HTTP requests.事实证明,我的Global.asax.cs中有代码,它为 OPTIONS HTTP 请求的响应添加了标头。
The reason I added this code was due to a separate issue whereby I was getting a "405 Method Not Allowed" error message for OPTIONS HTTP requests.我添加此代码的原因是由于一个单独的问题,即我收到 OPTIONS HTTP 请求的“405 Method Not Allowed”错误消息。
To fix both issues, I removed the code which was adding the extra headers and trimmed it down to this:为了解决这两个问题,我删除了添加额外标题的代码并将其修剪为:
protected void Application_BeginRequest()
{
if (Request.Headers.AllKeys.Contains("Origin", StringComparer.CurrentCultureIgnoreCase)
&& Request.HttpMethod == "OPTIONS")
{
Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept, Pragma, Cache-Control, Authorization ");
Response.End();
}
}
I'm not sure why this fixed the problem.我不确定为什么这解决了问题。
In my case I got this error because my endpoint returned response directly from another request, as a result my cors filter adds new headers to the received response with the existing filters:就我而言,我收到此错误是因为我的端点直接从另一个请求返回响应,因此我的 cors 过滤器使用现有过滤器将新标头添加到收到的响应中:
@GetMapping
public ResponseEntity getOmdbSearch(@RequestParam Map<String, String> requestParamMap, Principal principal) {
... ... ...
// Here an error !
return restTemplate.getForEntity(uriComponentsBuilder.toUriString(), String.class);
}
I fixed it by returning result only:我通过仅返回结果来修复它:
@GetMapping
public String getOmdbSearch(@RequestParam Map<String, String> requestParamMap,
Principal principal) {
ResponseEntity<String> response = restTemplate.getForEntity(uriComponentsBuilder.toUriString(), String.class);
return response.getBody();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.