[英]Access to fetch at 'API URL' from origin 'LOCALHOST' has been blocked by CORS policy .net 6
im getting this error.我收到这个错误。
Access to fetch at 'API_URL' from origin 'LOCALHOST_OR_HEROKU_URL' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check:
The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
i have followed the documentation to order my Middleware, and include whats necessary from this documentation .我已按照文档订购了我的中间件,并包含了此文档中的必要内容。 Here is my Program.cs file.
这是我的 Program.cs 文件。
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddCors(options =>
{
options.AddPolicy(name: "CORSPolicy",
policy =>
{
policy.AllowAnyOrigin();
policy.AllowAnyMethod();
policy.AllowAnyHeader();
});
});
builder.Services.AddControllers();
builder.Services
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = true,
};
});
// i have registered my services here
builder.Services.AddEndpointsApiExplorer();
var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseCors("CORSPolicy");
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute("default", "{controller=values}/{action=get} /{id?}");
});
app.MapControllers();
app.Run();
but im still getting that error from client side, and i dont know what im doing wrong.. please any help is appreciated.但我仍然从客户端收到该错误,我不知道我做错了什么..请任何帮助表示赞赏。 With thanks
感谢
The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
当请求的凭证模式为“包含”时,响应中的“Access-Control-Allow-Origin”header 的值不能是通配符“*”。
Error message clear says what is wrong here.错误消息明确说明这里出了什么问题。
This one requirement is well described in MDN article ( Requests with credentials part). MDN 文章(带有凭据的请求部分)很好地描述了这一要求。
The server must not specify the "*" wildcard for the Access-Control-Allow-Origin response-header value, but must instead specify an explicit origin;
服务器不得为 Access-Control-Allow-Origin 响应标头值指定“*”通配符,而是必须指定显式来源; for example: Access-Control-Allow-Origin: https://example.com
例如:访问控制允许来源: https://example.com
If a request includes a credential (most commonly a Cookie header) and the response includes an Access-Control-Allow-Origin: * header (that is, with the wildcard), the browser will block access to the response, and report a CORS error in the devtools console.
如果请求包含凭据(最常见的是 Cookie 标头)并且响应包含 Access-Control-Allow-Origin: * header(即带有通配符),浏览器将阻止对响应的访问,并报告 CORS devtools 控制台中的错误。
Credentialed requests are requests that contain any cookie data ( Cookie
header) or any data in Authorization
header.凭据请求是包含任何 cookie 数据(
Cookie
标头)或Authorization
header 中的任何数据的请求。
So, highly likely solution would be replacing this line:因此,很有可能的解决方案是替换这条线:
policy.AllowAnyOrigin();
by setting explicit origin allowed.通过设置允许的明确来源。
Make sure your client application calling the Web API has the correct url with https://scheme.确保调用 Web API 的客户端应用程序具有正确的 url 和 Z5E056C500A01C4B6AADE5Z110BB6ADE5Z110。
So localhost:6700/api should be called as https://localhost:6700/api.所以 localhost:6700/api 应该被称为 https://localhost:6700/api。
Please check and confirm:)请检查并确认:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.