stackoom
  简体   繁体   中英

ASP.Net Core Web Api access-control-max-age not being sent in the response header

 原文  2021-03-29 21:42:07       c#/ asp.net-core/ webapi

Question

I have the SetPreFlightMaxAge in the Startup.cs. But the chrome Inspect > Network tab doesn't show it in the Response Headers.

Startup.cs

app.UseCors(o =>
{
o.WithOrigins(allowedDomains.ToArray())
.SetPreFlightMaxAge(TimeSpan.FromMinutes(10))
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials()
});

Response Headers (GET method): In addition to some other headers it sends these headers. There is a max-age in the third line below, but that's not the 10 mins value set in the Startup.cs

access-control-allow-credentials: true
access-control-allow-origin: ...
set-cookie: ...
strict-transport-security: max-age=2592000
vary: Origin,Accept-Encoding

Response Headers (OPTIONS method):

access-control-allow-credentials: true
access-control-allow-headers: ...
access-control-allow-origin: ...
set-cookie: ...

1 answers

solution1
 0  2021-05-11 05:34:57

In .NET core 3.1 try adding it in ConfigureServices

services.AddCors(o => o.AddPolicy("xyzpolicy", builder =>
            {
  
                builder.AllowAnyOrigin()
                       .AllowAnyMethod()
                       .AllowAnyHeader()
                       .SetPreflightMaxAge(TimeSpan.FromMinutes(10));
            }));

They say its caped to 2 hours for Chromium-based browsers

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question No 'Access-Control-Allow-Origin' header is present - asp.net core web api targeting .net framework 4.5.1 ASP.Net WEB API Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response ASP.NET Core Web Api sending Access-Control-Allow-Origin: null CORS header and chrome is erroring, how to fix? ASP.NET Core Web API + Angular Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request How to add custom header to ASP.NET Core Web API response Angular 4 / Asp.net Web API - No 'Access-Control-Allow-Origin' header is present Access-Control-Allow-Origin appearing twice on header request ASP.NET Web API Swagger UI Response Example Asp.Net Core Web Api Fluent validation custom response ASP.NET Core Web API ASP.NET Core Web API Authentication allowing unauthorized access
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM