
CORS Policy in ASP.NET with identity

I published the API to an IIS server and everything works fine except for one function: [image: localhost error]

The error only shows up when we test the function on localhost, but if I use Postman everything works. That is the only place in my code where I use CORS: [image: code with CORS] [image: Postman] What can I do to allow sending requests on localhost?

It works through Postman because CORS is a browser implementation thing. Which is also why some calls might work through older IE versions. Postman does not check the CORS header and thus does not care.
CORS is to prevent XSS (I believe).

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS is great reading on the subject.

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources.

So basically it is telling you that the token service does not allow you to call it cross-origin.
CORS is a response header that the browser checks.

  1. Browser sends request to token service.
  2. Token service responds.
  3. Browser checks if CORS is allowed.
  4. No.
  5. Fail the "request".

TLDR; CORS is a response header that the browser checks for whether or not to allow the response to go through to you. The header must be set by the service you are calling.
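The check described in steps 3 to 5 of the answer, modeled as an added example that is not part of the original answer: a simplified version of the browser's decision on a cross-origin response, next to a client that skips it the way Postman does. The function names, the localhost port and the `api.example.test` URL are constructed for illustration, and preflight requests are not modeled.

```javascript
// Simplified model of the check a browser runs on a cross-origin response
// (preflight requests are left out). Not a real browser API.
function corsCheck(pageOrigin, requestUrl, responseHeaders, withCredentials = false) {
  const target = new URL(requestUrl).origin;
  if (target === pageOrigin) {
    return { exposed: true, reason: "same-origin, no CORS check" };
  }
  // Header names are case-insensitive, so normalize them first.
  const headers = {};
  for (const [k, v] of Object.entries(responseHeaders)) headers[k.toLowerCase()] = v;

  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { exposed: false, reason: "no Access-Control-Allow-Origin header" };
  }
  if (allowOrigin === "*") {
    return withCredentials
      ? { exposed: false, reason: "wildcard not allowed with credentials" }
      : { exposed: true, reason: "wildcard origin" };
  }
  if (allowOrigin !== pageOrigin) {
    return { exposed: false, reason: "origin mismatch" };
  }
  if (withCredentials && headers["access-control-allow-credentials"] !== "true") {
    return { exposed: false, reason: "Access-Control-Allow-Credentials is not true" };
  }
  return { exposed: true, reason: "origin allowed" };
}

// A non-browser client (Postman, curl) never runs the check and reads the body.
function nonBrowserClient(_pageOrigin, _requestUrl, _responseHeaders) {
  return { exposed: true, reason: "no CORS enforcement" };
}

// Constructed sample: a page on localhost calling a token endpoint on another origin.
const page = "http://localhost:4200";
const tokenUrl = "https://api.example.test/token";
const bare = { "Content-Type": "application/json" };
const fixed = { "Content-Type": "application/json", "Access-Control-Allow-Origin": page };

console.log("browser, header missing:", corsCheck(page, tokenUrl, bare));
console.log("browser, header set:    ", corsCheck(page, tokenUrl, fixed));
console.log("Postman-like client:    ", nonBrowserClient(page, tokenUrl, bare));
```

In all three cases the server has already processed the request and sent a response; the check only decides whether the calling page's script may read it.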
