ASP .NET 核心中 CORS 中的问题 - 响应中的“访问控制允许来源”header 的值不能是通配符 '*
[英]Issue in CORS in ASP .NET Core - The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*
问题描述
I'm getting the below error
我收到以下错误
Access to XMLHttpRequest at ' http://localhost:5000/api/values/track/?name=name&time=1589425390870 ' from origin ' http://localhost:23456 ' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Access to XMLHttpRequest at ' http://localhost:5000/api/values/track/?name=name&time=1589425390870 ' from origin ' http://localhost:23456 ' has been blocked by CORS policy: The value of the 'Access -Control-Allow-Origin' 当请求的凭据模式为“包含”时,响应中的 header 不能是通配符“*”。 The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute. XMLHttpRequest 发起的请求的凭证模式由 withCredentials 属性控制。
I have configured Asp.net core app like below我已经配置了 Asp.net 核心应用程序,如下所示
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(o => o.AddPolicy("MyPolicy", builder =>
{
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader().AllowCredentials() ;
}));
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors("MyPolicy");
app.UseMvc();
}
Content type: application/x-www-form-urlencoded内容类型:application/x-www-form-urlencoded
Can some one please help me in resolving this issue?有人可以帮我解决这个问题吗?
1 个解决方案
解决方案1
3 已采纳 2020-05-14 03:21:36
The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
As error indicates that you configure your app with both AllowAnyOrigin and AllowCredentials methods, which cause that the CORS service returns an invalid CORS response.由于错误表明您使用AllowAnyOrigin和AllowCredentials方法配置您的应用程序,这会导致 CORS 服务返回无效的 CORS 响应。
You can modify the code to enable specific origins, like below.您可以修改代码以启用特定来源,如下所示。
builder.WithOrigins("set_specified_origins_here")
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials();
For detailed information about "Set the allowed origins", please check following doc: https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-2.0#set-the-allowed-origins-1有关“设置允许的来源”的详细信息,请查看以下文档: https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-2.0#set-the-allowed-起源-1
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.