堆栈内存溢出
  简体   繁体   English

.NET 核心 CORS 策略块

[英].NET Core CORS policy block

 原文  2020-07-13 09:45:19       c#/ asp.net-core/ iis/ cors/ asp.net-core-webapi

问题描述

There are two applications on the iis server, one is react with the front end and the other is the back end. iis服务器上有两个应用程序,一个是与前端反应,另一个是后端。 web api works as a subdomain. web api 用作子域。 forexample, api.mydomain.com.例如,api.mydomain.com。

I get the following error when I send a web api request from the front end.当我从前端发送 web api 请求时,出现以下错误。

Access to XMLHttpRequest at 'https://api.mydomain.com/api/auth/login' from origin 'https://.mydomain.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. CORS 策略已阻止从源“https://.mydomain.com”访问“https://api.mydomain.com/api/auth/login”处的 XMLHttpRequest:对预检请求的响应未通过访问控制检查:请求的资源上不存在“Access-Control-Allow-Origin”header。

        services.AddCors(options =>
        {
            options.AddPolicy("AllowOrigin",
                builder => builder.WithOrigins("https://*.mydomain.com").AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials());
        });

app.UseCors("AllowOrigin");

Do I need to change IIS settings, where should I change?我是否需要更改 IIS 设置,我应该在哪里更改?

SOLUTION:解决方案:

  1. First of all, set all the cors settings from web config to "*".首先,将 web 配置中的所有 cors 设置设置为“*”。
  2. Second, turn off modsecurity from the plesk panel.其次,从 plesk 面板关闭 modsecurity。

2 个解决方案

解决方案1
 0  2020-07-13 09:51:46

If you are hosting your web application on IIS you need to let IIS know about the cors Policy as well.如果您在 IIS 上托管您的 web 应用程序,您需要让 IIS 也了解 ZB439A4514C277CE6FCCC8F28。

you have to edit your web config as explained here:您必须编辑您的 web 配置,如下所述:

https://enable-cors.org/server_iis7.html https://enable-cors.org/server_iis7.html

解决方案2
 0  2020-07-13 10:15:52

implemented in version 2.0.0在 2.0.0 版本中实现

options.AddPolicy("MyCorsPolicy",
       builder => builder
          .SetIsOriginAllowedToAllowWildcardSubdomains()
          .WithOrigins("https://*.mydomain.com")
          .AllowAnyMethod()
          .AllowCredentials()
          .AllowAnyHeader()
          .Build()
       );
    app.UseCors("MyCorsPolicy");

https://docs.microsoft.com/fr-fr/dotnet/api/microsoft.aspnetcore.cors.infrastructure.corspolicybuilder.setisoriginallowedtoallowwildcardsubdomains?view=aspnetcore-2.2 https://docs.microsoft.com/fr-fr/dotnet/api/microsoft.aspnetcore.cors.infrastructure.corspolicybuilder.setisoriginallowedtoallowwildcardsubdomains?view=aspnetcore-2.2

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 ASP .net core3.1 中的 CORS 策略 - CORS Policy in ASP .net core3.1 ASP.NET 内核 Cors 策略 - ASP.NET core Cors policy 为什么此CORS政策无法使用ASP.NET Core - Why is this CORS policy not working ASP.NET Core 点网核心 Web API 与 Javascript - Z5A8FEFF0B4BDE3EEC924Z 策略错误 - Dot Net Core Web API with Javascript - CORS policy error .Net Core 3.1,cors 政策问题,尽管遵循了文档 - .Net Core 3.1, cors policy issue although followed Documentation 在 ASP.NET Core 3.1 中处理多环境的 CORS 策略 - Handling CORS policy for multiple environment in ASP.NET Core 3.1 C#Net Core:在API中启用Cors后,它仍然指出被CORS策略阻止 - C# Net Core: After enabling Cors in API, it still states blocked by CORS policy .NET 6 CORS 策略在客户端被阻止 CORS - .NET 6 CORS policy blocked on Client side CORS 请求始终被CORS策略C#Net Core阻止 - Request always has been blocked by CORS policy c# net core ASP.NET Core 网页忽略 Startup.cs 中的 CORS 策略 - ASP.NET Core webpage ignores CORS policy in Startup.cs
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM