问题:请求的资源上不存在“Access-Control-Allow-Origin”header
[英]Issue: No 'Access-Control-Allow-Origin' header is present on the requested resource
问题描述
My problem is that I can't access to GET method from my Angular app because of the issue:
我的问题是由于以下问题,我无法从我的 Angular 应用访问 GET 方法:
Access to XMLHttpRequest at 'https://localhost:44337...' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. CORS 策略已阻止从来源“http://localhost:4200”访问“https://localhost:44337...”中的 XMLHttpRequest:请求中不存在“Access-Control-Allow-Origin”header资源。
- ConfigureServices method has the line for adding Cors: ConfigureServices 方法有添加 Cors 的行:
services.AddCors();
- Configure method has the code for configuring Cors: Configure方法有配置Cors的代码:
app.UseCors(builder =>
builder.WithOrigins("http://localhost:4200")
.AllowAnyHeader()
.AllowCredentials()
.AllowAnyMethod());
It's been using before such methods:它以前一直在使用这样的方法:
app.UseHttpsRedirection();
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
What else should be done to prevent that issue?还应该做些什么来防止这个问题? *I'm using ASP.NET Core 3.1 *我正在使用 ASP.NET Core 3.1
Thanks in advance for any suggestions!在此先感谢您的任何建议!
UPD: My middlewares order is: UPD:我的中间件订单是:
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/v1/swagger.json", "My Api V1");
});
app.UseCors(builder =>
builder.WithOrigins("http://localhost:4200")
.AllowAnyHeader()
.AllowCredentials()
.AllowAnyMethod());
app.UseHttpsRedirection();
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
My API method:我的API方法:
[HttpGet]
public async Task<string> GetRole(string token)
{
try
{
var tokenHandler = new JwtSecurityTokenHandler();
var securityToken = (JwtSecurityToken)tokenHandler.ReadToken(token);
var claimValue = securityToken.Claims.FirstOrDefault(c => c.Type == "role")?.Value;
return await Task.FromResult<string>(claimValue);
}
catch (Exception)
{
return null;
}
}
2 个解决方案
解决方案1
1 2022-01-16 07:36:17
You should rearrange your middlewares as follows:您应该重新排列中间件,如下所示:
app.UseHttpsRedirection();
app.UseRouting();
app.UseCors(builder =>
builder.WithOrigins("http://localhost:4200")
.AllowAnyHeader()
.AllowCredentials()
.AllowAnyMethod());
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
UseHttpsRedirection should be first of your middlewares, and UseCors should be before UseAuthentication / UseAuthorization , but after UseRouting . UseHttpsRedirection应该是您的中间件的第一个,并且UseCors应该在UseAuthentication / UseAuthorization之前,但在UseRouting之后。
Have a look at the docs看看文档
解决方案2
1 2022-03-31 11:57:00
for.Net5 above, to sort this out in your code instead of AllowAnyOrigin, it should be.SetIsOriginAllowed(origin => true).对于上面的 .Net5,要在您的代码中而不是 AllowAnyOrigin 中解决这个问题,它应该是 .SetIsOriginAllowed(origin => true)。 This has the same effect as allowAnyOrigin.这与 allowAnyOrigin 具有相同的效果。 Please also take note of Order/Sequence.另请注意顺序/顺序。 It should be as in the screenshort.它应该如屏幕截图所示。 Literally CORS should be the first service in your startup.从字面上看,CORS 应该是您启动时的第一项服务。
*Code it as follows* *编码如下*
//ENABLE CORS
//启用 CORS
services.AddCors(options => { options.AddPolicy("EnableCORS", builder => { builder.WithOrigins().AllowAnyMethod().AllowAnyHeader().SetIsOriginAllowed(origin => true) // allow any origin.AllowCredentials().Build(); }); });
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.