[英]For an Azure Function HTTP Trigger how can I set a CORS policy "WithExposedHeaders("*")?
I am trying to get the Header values from a Azure Function HTTP Trigger.我正在尝试从 Azure Function HTTP 触发器获取 Header 值。
I have a Blazor Wasm Client.我有一个 Blazor Wasm 客户端。
When I use the Client, the Headers collection is empty.当我使用 Client 时,Headers 集合是空的。
I have the same version of the code working with a my Blazor Wasm Client calling a REST API. When I set up that version, I had to set up a CORS policy like the code below in my Startup.cs.我有相同版本的代码与我的 Blazor Wasm 客户端一起调用 REST API。当我设置该版本时,我必须设置一个 CORS 策略,就像我的 Startup.cs 中的以下代码一样。
Once I added this code, my Blazor Wasm Client got the Header values from my API.添加此代码后,我的 Blazor Wasm 客户端从我的 API 中获得了 Header 值。
services.AddCors(options =>
{
options.AddPolicy(StringConstant.AllowedSpecificOrigins,
builder =>
{
builder.WithOrigins(origins)
.AllowAnyHeader()
.AllowAnyMethod()
.WithExposedHeaders("*");
});
});
It looks like I have to do the same from my Azure Function since the Header collection is empty in my Response object.看起来我必须从我的 Azure Function 做同样的事情,因为 Header 集合在我的响应 object 中是空的。
Any idea on how to set this up?关于如何设置这个的任何想法?
My Blazor Wasm Client is using the httpClient.GetAsync method.我的 Blazor Wasm 客户端正在使用 httpClient.GetAsync 方法。
We can add CORS in our Function App from Azure Portal.我们可以从 Azure 门户将 CORS 添加到我们的 Function 应用程序中。
Below is the place where we can add from Azure Portal:下面是我们可以从Azure传送门添加的地方:
Add * if we want to allow all origins or else, we can add the URLs include them specifically.如果我们想允许所有来源,请添加 *,否则,我们可以添加专门包含它们的 URL。
Refer to few related documentation from Microsoft about CORS in Portal , With Code在Portal中参考微软关于 CORS 的一些相关文档,以及代码
Found the solution - https://stackoverflow.com/a/71080532/9276081 , I've pasted my answer here as well -找到了解决方案 - https://stackoverflow.com/a/71080532/9276081 ,我也在这里粘贴了我的答案 -
The issue is not with Blazor WASM, rather if that header has been exposed on your API Side.问题不在于 Blazor WASM,而是 header 是否已暴露在您的 API 端。 In your azure function, add the following -
在您的 azure function 中,添加以下内容 -
Note: Postman will still show the headers even if you don't expose the headers like below.注意: Postman 仍然会显示标题,即使您没有像下面那样公开标题。 That's because, Postman doesn't care about CORS headers.
那是因为 Postman 不关心 CORS 标头。 CORS is just a browser concept and not a strong security mechanism.
CORS 只是一个浏览器概念,并不是一个强大的安全机制。 It allows you to restrict which other web apps may use your backend resources and that's all.
它允许您限制哪些其他 web 应用程序可以使用您的后端资源,仅此而已。
First create a Startup File to inject the HttpContextAccessor首先创建一个启动文件来注入HttpContextAccessor
Package Required: Microsoft.Azure.Functions.Extensions Package 必需:Microsoft.Azure.Functions.Extensions
[assembly: FunctionsStartup(typeof(FuncAppName.Startup))]
namespace FuncAppName
{
public class Startup : FunctionsStartup
{
public override void Configure(IFunctionsHostBuilder builder)
{
builder.Services.AddScoped<HttpContextAccessor>();
}
}
}
Next, inject it into your main Function -接下来,将其注入您的主 Function -
using Microsoft.AspNetCore.Http;
namespace FuncAppName
{
public class SomeFunction
{
private readonly HttpContext _httpContext;
public SomeFunction(HttpContextAccessor contextAccessor)
{
_httpContext = contextAccessor.HttpContext;
}
[FunctionName("SomeFunc")]
public override Task<IActionResult> Run([HttpTrigger(AuthorizationLevel.Anonymous, new[] { "post" }, Route = "run")] HttpRequest req)
{
var response = "Some Response"
_httpContext.Response.Headers.Add("my-custom-header", "some-custom-value");
_httpContext.Response.Headers.Add("my-other-header", "some-other-value");
_httpContext.Response.Headers.Add("Access-Control-Expose-Headers", "my-custom-header, my-other-header");
return new OkObjectResult(response)
}
If you want to allow all headers you can use wildcard (I think, not tested) -如果您想允许所有标头,您可以使用通配符(我认为,未经测试)-
_httpContext.Response.Headers.Add("Access-Control-Expose-Headers", "*");
You still need to add your web-app url to the azure platform CORS. You can add * wildcard, more info here - https://iotespresso.com/allowing-all-cross-origin-requests-azure-functions/您仍然需要将您的网络应用程序 url 添加到 azure 平台 CORS。您可以在此处添加 * 通配符,更多信息 - https://iotespresso.com/allowing-all-cross-origin-requests-azure-functions/
to enable CORS for Local Apps during development - https://stackoverflow.com/a/60109518/9276081在开发期间为本地应用启用 CORS - https://stackoverflow.com/a/60109518/9276081
Now to access those headers in your Blazor WASM, as an eg you can -现在访问您的 Blazor WASM 中的这些标头,例如您可以 -
protected override async Task OnInitializedAsync()
{
var content = JsonContent.Create(new { query = "" });
using (var client = new HttpClient())
{
var result = await client.PostAsync("https://func-app-name.azurewebsites.net/api/run", content);
var headers = result.Headers.ToList();
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.