[英]ASP.NET Core Web Api sending Access-Control-Allow-Origin: null CORS header and chrome is erroring, how to fix?
Yesterday I managed to have my API working on my local computer, however today (same code) on another computer, it's not working, I am getting this error on the console: 昨天我设法让我的API在我的本地计算机上工作,但是今天(相同的代码)在另一台计算机上,它不能正常工作,我在控制台上收到此错误:
Failed to load http://localhost:52056/api/task : The 'Access-Control-Allow-Origin' header has a value 'null' that is not equal to the supplied origin.
无法加载http:// localhost:52056 / api / task :'Access-Control-Allow-Origin'标头的值为'null',不等于提供的原点。 Origin 'null' is therefore not allowed access.
因此不允许原点'null'访问。
Here is the http request and response on Chrome: 以下是Chrome上的http请求和响应:
(I don't see errors in IE/Firefox) (我在IE / Firefox中看不到错误)
Here is my startup class (using .net core 2) 这是我的启动类(使用.net core 2)
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using TodoApi;
namespace TestCors
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddSingleton<ITaskWarehouse, TaskWarehouse>();
services.AddCors();
services.AddMvc();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors(builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
app.UseMvc();
}
}
}
What is wrong here? 这有什么不对? The code is the same from yesterday, however I was running on Windows 10 and this machine has Windows 7. Any thoughts?
从昨天起代码是相同的,但我在Windows 10上运行,这台机器有Windows 7.有什么想法吗? Thanks
谢谢
Try removing 尝试删除
.AllowCredentials()
CORS doesn't allow you to have . CORS不允许你拥有。
AllowCredentials()
AND .AllowAnyOrigin()
for the same policy. AllowCredentials()
AND .AllowAnyOrigin()
用于同一策略。 I don't why it worked on a different machine. 我不知道它为什么在不同的机器上工作。
This is from ASP.NET page 这是来自ASP.NET页面
The CORS spec also states that setting origins to "*" is invalid if SupportsCredentials is true.
CORS规范还规定,如果SupportsCredentials为true,则将原点设置为“*”无效。
The problem is your are opening html page which makes this request by just double clicking on it, without using a server. 问题是你正在打开html页面,只需双击它即可完成此请求,而无需使用服务器。 So url in your browser is "file:///...".
所以浏览器中的网址是“file:/// ...”。 That means there is no origin, and as you see on screenshot from your question - CORS request has "Origin: null" header.
这意味着没有起源,正如您在问题的屏幕截图中看到的那样 - CORS请求具有“Origin:null”标头。 Different browsers handle this siutation differently.
不同的浏览器以不同方式处理这种情况。 Chrome restricts cross-origin requests from such origin, even if response allows it (via returning "null" as "Access-Control-Allow-Origin").
即使响应允许,Chrome也会限制来自此类来源的跨源请求(通过返回“null”作为“Access-Control-Allow-Origin”)。
So to fix - use proper server (local one), or use another browser for development. 所以要修复 - 使用适当的服务器(本地服务器),或使用其他浏览器进行开发。 Also some people claim that starting chrome like this
还有一些人声称像这样开始镀铬
chrome.exe --allow-file-access-from-files
Should also "fix" this, though I didn't try myself. 也应该“修复”这个,虽然我没有尝试自己。
Update: I was under impression that even with Access-Control-Allow-Origin: *
chrome will not allow it, but your comment on other answer seems to claim otherwise (by removing AllowCredentials()
you made response to use "*" as allowed origin instead of origin provided in request). 更新:我的印象是,即使使用
Access-Control-Allow-Origin: *
chrome也不允许,但您对其他答案的评论似乎另有说明(通过删除AllowCredentials()
您做出响应使用“*”允许请求中提供的原产地而非原产地)。 If so - that's another way to fix it (not sure, maybe it behaves differently in different chrome versions though). 如果是这样 - 这是解决它的另一种方法(不确定,可能它在不同的chrome版本中表现不同)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.