'ASP.NET Core with angular' 模板如何处理外部请求?
[英]How does the 'ASP.NET Core with angular' template work with external requests?
问题描述
I'm having a CORS issue and I'm having trouble debugging the issue.
我遇到了 CORS 问题,并且无法调试该问题。 One problem I'm facing is I don't know if its a frontend or backend issue.我面临的一个问题是我不知道它是前端还是后端问题。 My understanding is from boot up, the frontend will be spun up, in my case on localhost:44490.我的理解是从启动开始,前端将被启动,在我的例子中是 localhost:44490。 The backend will also be spun up on another localhost (localhost:7275 in my case) and you can configure proxies in the proxy.conf.js file within the frontend.后端也将在另一个 localhost(在我的情况下为 localhost:7275)上启动,您可以在前端的 proxy.conf.js 文件中配置代理。 So in my case hitting localhost:44490/api/task redirects to localhost:7275/api/task.所以在我的例子中,点击 localhost:44490/api/task 会重定向到 localhost:7275/api/task。 That is all well and good and works as expected.这一切都很好,并且按预期工作。
However, I'm making an external request (azure ad authentication) on the backend and receiving the CORS error message:但是,我在后端发出外部请求(天蓝色广告身份验证)并收到 CORS 错误消息:
Access to XMLHttpRequest at 'https://login.microsoftonline.com/hiding-this-part-of-the-url' (redirected from 'https://localhost:44490/api/task') from origin 'https://localhost:44490' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.从源“https://”访问“https://login.microsoftonline.com/hiding-this-part-of-the-url”(重定向自“https://localhost:44490/api/task”)上的 XMLHttpRequest /localhost:44490' 已被 CORS 策略阻止:对预检请求的响应未通过访问控制检查:请求的资源上不存在“Access-Control-Allow-Origin”header。
This to me suggest the request is actually being made by the localhost the frontend angular app is running on.这对我来说表明请求实际上是由 localhost 发出的,前端 angular 应用程序正在运行。 This seems further backed up by the fact that my backend is set up to enable all CORS这似乎进一步支持了我的后端设置为启用所有 CORS 的事实
builder.Services.AddCors(options =>
{
options.AddPolicy("AllowAllOrigins",
builder =>
{
builder.AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin();
});
});
..... ......
app.UseCors("AllowAllOrigins");
So i'm just looking for details on how this actually works because I was fully under the impression that requests from my backend would be made from the localhost the backend is running on ( localhost:7275), however that doesn't seem to be the reality?因此,我只是在寻找有关其实际工作原理的详细信息,因为我完全认为来自后端的请求将来自后端正在运行的本地主机(本地主机:7275),但这似乎不是现实?
The only supporting documentation I could really find on relation to this was:我真正能找到的与此相关的唯一支持文档是:
https://devblogs.microsoft.com/dotnet/asp-net-core-updates-in-net-6-preview-4/ https://devblogs.microsoft.com/dotnet/asp-net-core-updates-in-net-6-preview-4/
But it didn't really solve my confusion.但这并没有真正解决我的困惑。
1 个解决方案
解决方案1
0 2021-12-20 14:42:46
From what I understand, you seems to do that:据我了解,您似乎是这样做的:
From the angular application, you ask your api to get the azure ad login page.从 angular 应用程序中,您要求 api 获取 azure 广告登录页面。
Your api send [redirect to azure ad login] as response.您的 api 发送 [redirect to azure 广告登录] 作为响应。
Your page receive the redirect response, and your browser start the redirect process:您的页面收到重定向响应,您的浏览器开始重定向过程:
- A preflight request is started (method OPTIONS), asking informations to azure login server.启动预检请求(方法 OPTIONS),向 azure 登录服务器询问信息。
- The response from this preflight has header with or without the key Access-Control-Allow-Origins.此预检的响应有 header 有或没有密钥 Access-Control-Allow-Origins。
- If the value contains your url, then the browser start the true request, asking for the azure login page and display it.如果该值包含您的 url,则浏览器启动真正的请求,请求 azure 登录页面并显示它。
In other words:换句话说:
The Client request your.Net Api => Your.Net api return a Redirect response => Client receive the redirect and start the redirection process.客户端请求 your.Net Api => Your.Net api 返回重定向响应 => 客户端接收重定向并开始重定向过程。
You can see here that this is the client who handle the request, not your backend.您可以在此处看到这是处理请求的客户端,而不是您的后端。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.