Dotnet core 3.0 project encounter cors issue because of configuration in startup.cs for uploading file function
Question
The frontend is react project and backend is dotnet core, they are hosted in different places, that's why I need to configure the cors in startup.cs in my dotnet project.
The problem is very weird. After configuration, there is no cors issue if I run the project in my local environment(on my: pc-frontend and backend), however, on the testing server, every request from the frontend encounter cors error. The error message from console is something like this:
Access to XMLHttpRequest at 'http://dummybackend.com' from origin 'http://dummyfrontend.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
After a whole day's research, I found the problem has someting to do with one part of the configuration, which is app.UseStaticFiles,
app.UseStaticFiles(new StaticFileOptions()
{
ServeUnknownFileTypes = true,
OnPrepareResponse = (ctx) =>
{
var policy = corsPolicyProvider.GetPolicyAsync(ctx.Context, "CorsPolicy")
.ConfigureAwait(false)
.GetAwaiter().GetResult();
var corsResult = corsService.EvaluatePolicy(ctx.Context, policy);
corsService.ApplyResult(corsResult, ctx.Context.Response);
},
FileProvider = new PhysicalFileProvider(Path.Combine(Directory.GetCurrentDirectory(), @"Uploads")),
RequestPath = new PathString("/StaticFiles"),
});
which is the configuration for file uploading. If I comment this out, there is no cors issue on the testing server(AWS EC2), but of course, I need this for successful file submitting.
I've found one solution from this blog https://www.bytefish.de/blog/aspnetcore_static_files_cors.html
But it doesn't work
Below is the configuration I made based on the blog.
public void ConfigureServices(IServiceCollection services)
{
// Add CORS:
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy", policyBuilder => policyBuilder
.WithOrigins("http://dummyfrontend.com", "http://localhost:8080")
.SetIsOriginAllowedToAllowWildcardSubdomains()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
SetConfigurations();
services.AddDbContext<DBContext>(options => options.UseMySql(Configuration.GetConnectionString("LocalDatabase")), ServiceLifetime.Transient);
services.AddDbContext<DBContextMail>(options => options.UseMySql(Configuration.GetConnectionString("MailDatabase")), ServiceLifetime.Transient);
services.AddControllers().AddNewtonsoftJson();
services.Configure<JWT>(Configuration.GetSection("JWT"));
services.AddScoped<IUserService, UserService>();
services.AddScoped<IAffiliateService, AffiliateService>();
services.AddScoped<ICommissionService, CommissionService>();
services.AddScoped<IReferrerProfileService, ReferrerProfileService>();
services.AddScoped<IApplicationService, ApplicationService>();
services.AddScoped<IDashboardService, DashboardService>();
services.AddScoped<ITeamService, TeamService>();
services.AddScoped<IHistoryService, HistoryService>();
services.AddScoped<IScheduleService, ScheduleService>();
services.AddScoped<ISettingService, SettingService>();
services.AddScoped<IUserRolesService, UserRolesService>();
services.AddScoped<IEmailTemplateService, EmailTemplateService>();
services.AddScoped<ISMSTemplateService, SMSTemplateService>();
services.AddScoped<IImportReferrersService, ImportReferrersService>();
if (Environment.IsDevelopment())
{
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1.0", new OpenApiInfo { Title = "Referrer Api v1.0", Version = "v1.0" });
c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey
});
c.AddSecurityRequirement(new OpenApiSecurityRequirement {
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "Bearer"
}
},
new string[] { }
}
});
c.CustomSchemaIds(type => type.FullName);
var filePath = Path.Combine(System.AppContext.BaseDirectory, "ReferralSystem.xml");
c.IncludeXmlComments(filePath);
});
services.AddSwaggerGenNewtonsoftSupport();
}
var key = Encoding.ASCII.GetBytes(Configuration.GetSection("JWT").Get<JWT>().Secret);
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(x =>
{
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
};
});
services.Configure<FormOptions>(o =>
{
o.ValueLengthLimit = int.MaxValue;
o.MultipartBodyLengthLimit = int.MaxValue;
o.MemoryBufferThreshold = int.MaxValue;
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerFactory loggerFactory, ICorsService corsService, ICorsPolicyProvider corsPolicyProvider)
{
app.UseRouting();
loggerFactory.AddLog4Net();
app.UseCors("CorsPolicy");
// To serve PBF Files, we need to allow unknown filetypes
// to be served by the Webserver:
if (env.IsDevelopment())
{
app.UseHttpsRedirection();
app.UseDeveloperExceptionPage();
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/v1.0/swagger.json", "Referrer Api V1.0");
c.DocumentTitle = "Referrer System API Document";
c.DocExpansion(DocExpansion.None);
});
}
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
app.UseStaticFiles(new StaticFileOptions()
{
ServeUnknownFileTypes = true,
OnPrepareResponse = (ctx) =>
{
var policy = corsPolicyProvider.GetPolicyAsync(ctx.Context, "CorsPolicy")
.ConfigureAwait(false)
.GetAwaiter().GetResult();
var corsResult = corsService.EvaluatePolicy(ctx.Context, policy);
corsService.ApplyResult(corsResult, ctx.Context.Response);
},
FileProvider = new PhysicalFileProvider(Path.Combine(Directory.GetCurrentDirectory(), @"Uploads")),
RequestPath = new PathString("/StaticFiles"),
});
}
1 answers
solution1
0 2021-06-20 23:39:55
I found the solution myself, it is because inside the app.UseStaticFiles configuration, I define a folder which is @"Uploads", and after publishing the project, there is no such folder inside the publish folder, therefore, the project encounter startup exception.
The solution is simply manually add the folder in the published file folder, so that the project wont encounter startup exception.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.