stackoom
  简体   繁体   中英

No 'Access-Control-Allow-Origin' header is present on the requested resource when 401 response is returned from the server

 原文  2019-11-12 13:19:13       c#/ angular/ asp.net-core/ cors

Question

I have a .NET Core 3.0 and Angular 8 web application. I have enabled CORS in Startup.cs and it works fine. I am using JWT authentication along with an interceptor on the angular side to append JWT token to each request. The call to a route with [Authorize] attribute is successful when the token is valid. When the token is expired/invalid, the server returns 401 as expected. But, the angular interceptor is not able to recognize the 401 error since there is a CORS issue as seen in the console error:

Access to XMLHttpRequest at ' https://localhost:5001/api/Users/test ' from origin ' http://localhost:4200 ' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

On inspecting the response I could see that there were no Access-Control-Allow-Origin headers present in the response. Why does that happen? Please note that this does not happen if the token is valid.

Startup.cs:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseHttpsRedirection();

    app.UseRouting();

    app.UseAuthentication();

    app.UseAuthorization();

    app.UseCors(builder => builder.AllowAnyOrigin()
            .AllowAnyMethod()
            .AllowAnyHeader());

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
    });
}

Angular recieves the error status as status: 0, statusText: "Unknown Error" .

1 answers

solution1
 11 ACCPTED  2019-11-12 13:35:51

UseCors should be placed above UseAuthentication and UseAuthorization : 

app.UseCors(builder => builder
    .AllowAnyOrigin()
    .AllowAnyMethod()
    .AllowAnyHeader());

app.UseAuthentication();
app.UseAuthorization();

Otherwise, the CORS middleware will not run when the authorization middleware short-circuits the pipeline and so will not add the CORS headers. This is something that's a little different in ASP.NET Core 3.0 with the introduction of UseAuthorization , but the middleware ordering has always been important.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question CORS No 'Access-Control-Allow-Origin' header is present on the requested resource CORS - No 'Access-Control-Allow-Origin' header is present on the requested resource No 'Access-Control-Allow-Origin' header is present on the requested resource Issue: No 'Access-Control-Allow-Origin' header is present on the requested resource No Access-Control-Allow-Origin header is present on the requested resource when calling WebAPI No 'Access-Control-Allow-Origin' header is present on the requested resource. Error When calling WebApi "No 'Access-Control-Allow-Origin' header is present on the requested resource" from Azure App Service API .NET 5 Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource Getting this CORS error on my react app when calling my API - No 'Access-Control-Allow-Origin' header is present on the requested resource Angular2: http.get returns “No 'Access-Control-Allow-Origin' header is present on the requested resource.”
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM