如果从 [授权] 重定向到帐户/登录,CORS 会出现 oauth 问题
[英]CORS issue with oauth if redirected to Account/Login from [Authorized]
问题描述
public class AccountController : Controller
{
public IActionResult Login(string returnUrl)
{
return new ChallengeResult(
GoogleDefaults.AuthenticationScheme,
new AuthenticationProperties
{
RedirectUri = Url.Action(nameof(LoginCallback), new { returnUrl })
});
}
...
I have the controller shown above.
我有上面显示的 controller。 If I type https://localhost:44378/Account/Login in the browser address bar it works fine - I get redirected to the Google authorization page but if I get redirected to this endpoint by hitting [Authorize] or a similar attribute on another endpoint I'm getting error like the following one:如果我在浏览器地址栏中键入https://localhost:44378/Account/Login它工作正常 - 我被重定向到 Google 授权页面,但如果我通过点击[Authorize]或另一个类似属性重定向到此端点端点我收到如下错误:
Access to XMLHttpRequest at 'https://accounts.google.com/o/oauth2/v2/auth?...' ( redirected from 'https://localhost:44378/api/some-action') from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
JIC, I added http://localhost:3000 to both Authorized JavaScript origins and Authorized redirect URIs in the app registration Google page. JIC,我在应用注册 Google 页面http://localhost:3000添加到授权 JavaScript 来源和授权重定向 URI中。
Why so and how to solve it?为什么会这样以及如何解决?
EDIT: Network:编辑:网络:
EDIT2:编辑2:
I created test project with frontend and backend on the same port, the issue persists我在同一个端口上创建了前端和后端的测试项目,问题仍然存在
(redirected from 'https://localhost:44336/weatherforecast') from origin 'https://localhost:44336' has been blocked by CORS policy
2 个解决方案
解决方案1
-1 2021-04-09 14:22:31
The local HTTP server (the one that is serving https://localhost:[Port]/... needs to be configured to respond to HTTP OPTIONS request with Access-Control-Allow-Origin: '*' in the response headers.本地 HTTP 服务器(服务于https://localhost:[Port]/...的服务器需要配置为响应 HTTP OPTIONS 请求,其中包含Access-Control-Allow-Origin: '*'
In case of cross domain requests, Browsers(especially chrome) make a HTTP OPTIONS request for the same endpoint before HTTP GET or HTTP POST在跨域请求的情况下,浏览器(尤其是 chrome)在 HTTP GET 或 HTTP POST 之前对同一端点发出 HTTP OPTIONS 请求
解决方案2
-1 2021-04-09 17:39:13
Try with this in your Startup.cs file.在您的 Startup.cs 文件中尝试此操作。
this inside the class -> readonly string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";这个在 class -> 只读字符串 MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
and this inside the ConfigureServices method这在 ConfigureServices 方法中
services.AddCors(options =>
{
options.AddPolicy(name: MyAllowSpecificOrigins,
builder =>
{
builder.WithOrigins("http://localhost:4200");
});
});
change the address and port with yours用你的改变地址和端口
you can check this link as well: https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-5.0您也可以查看此链接: https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-5.0
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.