CORS 政策 - 对预检请求的响应

Question

I am setting up the CORS policy in my .NET Core 3.1 web app but I am getting an error that says我正在我的 .NET Core 3.1 Web 应用程序中设置 CORS 策略，但出现错误提示

Access to XMLHttpRequest at 'http://10.10.100.60/api/api/values/getmyorders?toOrder=false&uId=8c3d745b-78b7-47ed-ac93-310fe61b8daf' from origin 'http://10.10.100.66:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I have previously never encountered this preflight error.我以前从未遇到过这种预检错误。 Here's what my Startup looks like这是我的Startup样子

public void ConfigureServices(IServiceCollection services)
        {
         //code shortened for brevity
         services.AddCors();
        }

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            loggerFactory.AddProvider(new Log4NetProvider("log4net.config", true));
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }

            app.UseCors(x => x
                .AllowAnyOrigin()
                .AllowAnyMethod()
                .AllowAnyHeader()
                .AllowCredentials());

            app.UseAuthentication();
            app.UseHttpsRedirection();
            app.UseMvc();
        }

I also tried using other CORS methods like the CORS with named policy and middleware as well as the default policy but I still get the same preflight error.我还尝试使用其他 CORS 方法，例如带有命名策略和中间件的 CORS 以及默认策略，但我仍然遇到相同的预检错误。 Any suggestion on how do I proceed?关于如何进行的任何建议？

Answer 1

Here's what worked for me several hours later.这是几个小时后对我有用的方法。

public void ConfigureServices(IServiceCollection services)
        {
            services.AddCors(options =>
            {
                options.AddPolicy("AllowAllHeaders",
                builder =>
                {
                    builder.AllowAnyOrigin()
                    .AllowAnyHeader()
                    .AllowAnyMethod();
                });
            });
        }

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            app.UseCors("AllowAllHeaders");
            app.UseAuthentication();
            app.UseHttpsRedirection();
            app.UseMvc();
        }

I am now only using the AllowAnyOrigin() , AllowAnyHeader() and the AllowAnyMethod() .我现在只使用AllowAnyOrigin() 、 AllowAnyHeader()和AllowAnyMethod() 。 I assume there was an issue with the AllowCredentials() .我认为AllowCredentials()存在问题。 Hopefully this answer helps someone in the future.希望这个答案对未来的人有所帮助。

CORS 政策 - 对预检请求的响应

问题描述

1 个解决方案

解决方案1
-1 已采纳 2020-11-06 07:50:16

CORS 政策 - 对预检请求的响应

问题描述

1 个解决方案

解决方案1 -1 已采纳 2020-11-06 07:50:16

解决方案1
-1 已采纳 2020-11-06 07:50:16