stackoom
  简体   繁体   中英

Add 'access-control-allow-origin' response to options preflight request in Asp.NET

 原文  2015-12-03 21:27:32       asp.net/ asp.net-mvc/ cors/ asp.net-core

Question

I'm getting the following error in Chrome:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin ' http://localhost:9000 ' is therefore not allowed access.

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    loggerFactory.AddConsole(Configuration.GetSection("Logging"));
    loggerFactory.AddDebug();

    app.UseIISPlatformHandler();

    app.UseDefaultFiles();
    app.UseStaticFiles();

    app.UseCors(policy => policy
       .WithOrigins("http://localhost:9000")
       .AllowAnyMethod()
       .WithHeaders("Access-Control-Allow-Origin, Content-Type, x-xsrf-token, Authorization")
       .AllowCredentials());

    app.UseMvc();
}

According to chrome there is not a single header being added to the response.

What is the correct way to add the access-control-allow-origin header to a options response in Asp.NET 5?

4 answers

solution1
 5  2015-12-06 09:17:18

Consider that Google Chrome has an issue which does not support localhost to go through the Access-Control-Allow-Origin .

In your code, you have enabled CORS with the AddCors and UseCors methods in Configure method, please make sure you've followed the instructions available in Specifying a CORS Policy ( which is used in ConfigureServices method ) and How to enable CORS in ASP.NET 5

You can also simply write an Action Filter for plain Asp.net MVC controller .

Types of CORS'

  1. Microsoft.AspNet.WebApi.Cors : use it to enable the CORS request ONLY for the Web APIs.
  2. Microsoft.AspNet.Cors : Use it to enable CORS for MVC controllers.
  3. Microsoft.Owin.Cors : Use it to enable CORS for all cross-origins requests coming to your site, for example, when you you want to enable CORS for both Web API and SignalR.

solution2
 2 ACCPTED  2015-12-13 05:07:29

这真的没有意义,但正如@Sirwan 建议的那样,使用.AllowAnyHeader()设置对选项响应的访问...

solution3
 0  2015-12-10 09:29:47

为了克服预检问题,在您的 API 中添加与[httpoption]相同的名称方法并从那里返回成功,现在只需运行您的网络/客户端应用程序,您将在第一次 httpoption 方法命中时两次命中相同的方法,然后是您的原始方法

solution4
 0  2020-01-23 19:45:33

将其放在startup.cs文件的配置部分:

app.UseCors (x => x.AllowAnyOrigin ().AllowAnyMethod ().AllowAnyHeader ());

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question In ASP.NET, Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' Access-Control-Allow-Origin in asp.net web service Error “Access-Control-Allow-Origin” header in asp.net Access-Control-Allow-Origin appearing twice on header request ASP.NET Web API Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource Disable Access-Control-Allow-Origin in ASP.Net and ASP.Net Core ASP.Net WEB API Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response Unable to add Access-Control-Allow-Origin header on API response Ajax Get call to ASP.NET MVC controller is treated as "NO ‘Access-Control-Allow-Origin’ error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM