[英]Adding AllowAnyHeader does not allow all headers in .NET Core 3.1
In my .NET Core 3.1 Startup program, I have something like this:在我的 .NET Core 3.1 启动程序中,我有这样的东西:
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddDefaultPolicy(
builder =>
{
builder.AllowAnyHeader();
builder.AllowAnyMethod();
builder.AllowAnyOrigin();
});
});
}
I was expecting that AllowAnyHeader
would add "Access-Control-Allow-Methods": "GET,POST,PUT,DELETE,OPTIONS";
我期待
AllowAnyHeader
会添加"Access-Control-Allow-Methods": "GET,POST,PUT,DELETE,OPTIONS";
to the response header, but when I call a DELETE in a method configured with [HttpDelete]
in the Controller, I see the following in the response header:到响应 header,但是当我在 Controller 中配置了
[HttpDelete]
的方法中调用 DELETE 时,我在响应 header 中看到以下内容:
access-control-allow-methods → GET
(no DELETE or OPTIONS) access-control-allow-methods → GET
(无删除或选项)
So, what should I do to see all methods allowed in the response header?那么,我应该怎么做才能看到响应 header 中允许的所有方法?
You can use this instead in Configure您可以在 Configure 中使用它
app.UseCors(x => x
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
or you should use或者你应该使用
services.AddCors(options =>
{
options.AddDefaultPolicy(
builder =>
{
builder.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod();
});
});
then use it in Configure然后在配置中使用它
app.UseCors();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.