[英]CORS policy - response to preflight request
I am setting up the CORS policy in my .NET Core 3.1 web app but I am getting an error that says我正在我的 .NET Core 3.1 Web 应用程序中设置 CORS 策略,但出现错误提示
Access to XMLHttpRequest at 'http://10.10.100.60/api/api/values/getmyorders?toOrder=false&uId=8c3d745b-78b7-47ed-ac93-310fe61b8daf' from origin 'http://10.10.100.66:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I have previously never encountered this preflight error.我以前从未遇到过这种预检错误。 Here's what my
Startup
looks like这是我的
Startup
样子
public void ConfigureServices(IServiceCollection services)
{
//code shortened for brevity
services.AddCors();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddProvider(new Log4NetProvider("log4net.config", true));
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseCors(x => x
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc();
}
I also tried using other CORS methods like the CORS with named policy and middleware as well as the default policy but I still get the same preflight error.我还尝试使用其他 CORS 方法,例如带有命名策略和中间件的 CORS 以及默认策略,但我仍然遇到相同的预检错误。 Any suggestion on how do I proceed?
关于如何进行的任何建议?
Here's what worked for me several hours later.这是几个小时后对我有用的方法。
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("AllowAllHeaders",
builder =>
{
builder.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod();
});
});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
app.UseCors("AllowAllHeaders");
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc();
}
I am now only using the AllowAnyOrigin()
, AllowAnyHeader()
and the AllowAnyMethod()
.我现在只使用
AllowAnyOrigin()
、 AllowAnyHeader()
和AllowAnyMethod()
。 I assume there was an issue with the AllowCredentials()
.我认为
AllowCredentials()
存在问题。 Hopefully this answer helps someone in the future.希望这个答案对未来的人有所帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.