AWS - 已被 CORS 策略阻止:请求的资源上不存在“Access-Control-Allow-Origin”header
[英]AWS - has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
问题描述
I used visual studio net 2.1 and a local sql database for my site on AWS.
我在 AWS 上为我的网站使用了 Visual Studio Net 2.1 和本地 sql 数据库。 The first page comes up but when I try to put in a comment and the code routes to another page on my site I get this console error and the page is not routed to in the browser:第一页出现,但是当我尝试输入评论并且代码路由到我网站上的另一个页面时,我收到此控制台错误,并且该页面未路由到浏览器中:
Access to XMLHttpRequest at 'https...' from origin 'https://www.....dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
This is the startup.cs file这是 startup.cs 文件
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
);
});
app.UseCors("CorsPolicy");
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
2 个解决方案
解决方案1
1 2020-05-03 18:30:28
For some CORS requests, the browser sends an additional OPTIONS request before making the actual request.对于某些 CORS 请求,浏览器会在发出实际请求之前发送一个额外的 OPTIONS 请求。 This request is called a preflight request.该请求称为预检请求。 The browser can skip the preflight request if all the following conditions are true:如果满足以下所有条件,浏览器可以跳过预检请求:
- The request method is GET, HEAD, or POST.请求方法是 GET、HEAD 或 POST。
- The app doesn't set request headers other than Accept, Accept-Language, Content- Language, Content-Type, or Last-Event-ID.除了 Accept、Accept-Language、Content-Language、Content-Type 或 Last-Event-ID 之外,应用程序不会设置请求标头。
- The Content-Type header, if set, has one of the following values: application/x-www-form-urlencoded multipart/form-data text/plain Content-Type header(如果设置)具有以下值之一:application/x-www-form-urlencoded multipart/form-data text/plain
AllowAnyOrigin affects preflight requests and the Access-Control-Allow-Origin header. AllowAnyOrigin 影响预检请求和 Access-Control-Allow-Origin header。
The preflight request uses the HTTP OPTIONS method.预检请求使用 HTTP OPTIONS 方法。 It may include the following headers:它可能包括以下标题:
Access-Control-Request-Method: The HTTP method that will be used for the actual request. Access-Control-Request-Method:将用于实际请求的 HTTP 方法。 Access-Control-Request-Headers: A list of request headers that the app sets on the actual request. Access-Control-Request-Headers:应用程序在实际请求中设置的请求标头列表。 Access-Control-Allow-Methods访问控制允许方法
Try allowing specific origins, methods and headers.尝试允许特定的来源、方法和标题。 For more information can check the below link:欲了解更多信息,可以查看以下链接:
https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-3.1#preflight-requests https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-3.1#preflight-requests
解决方案2
0 2020-05-04 21:47:14
THe answer is to enable the api-gateway in AWS答案是在 AWS 中启用 api-gateway
In API Gateway Console click the Actions dropdown and select Deploy API.在 API 网关控制台中单击操作下拉菜单和 select 部署 API。
This eliminated the CORS issue.这消除了 CORS 问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.