[英]Enabling CORS in Web API Core and Angular JS
我有一个WEB API Core托管在不同的本地主机,我试图通过AngularJS $ http服务从我的MVC核心应用程序访问它。
这是我的homeController.js
app.controller("homeController", function ($scope, $http) {
$scope.accessToken = "";
var serviceBase = "https://localhost:44351/";
var request = $http({
method: "post",
url: serviceBase + "api/token",
data:
{
username: "DemoUser",
password: "Password"
},
headers: {
'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8',
'Access-Control-Allow-Origin':'*',
'Access-Control-Allow-Methods': 'GET, POST'
}
});
request.success(function (result) {
$scope.accessToken = result;
});
});
在WEB API Core的Startup.cs中启用跨源调用
public void ConfigureServices(IServiceCollection services)
{
...
services.AddCors();
...
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
..
app.UseCors(builder =>
builder.WithOrigins("https://localhost:44352/")
.AllowAnyHeader()
);
..
}
尽管如此,我仍然在Chrome中遇到此错误。
XMLHttpRequest cannot load https://localhost:44351/api/token. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://localhost:44352' is therefore not allowed access.
我可以从Postman客户端调用api。 我错过了这个步骤吗? 请帮忙。
我做的修复 :
在WebAPI项目web.config文件中
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="https://localhost:xxxxx" />
<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept, Cache-Control" />
<add name="Access-Control-Allow-Credentials" value="true" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
...
在StartUp.cs中
public void ConfigureServices(IServiceCollection services)
{
services.AddCors();
// services.AddMvc();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{ app.UseCors(builder =>
builder
.AllowAnyHeader()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials()
);}
Chrome不允许我在Access-Control-Allow-Origin
字段中使用*。
还在project.json中添加了"Microsoft.AspNetCore.Cors": "1.0.0"
谢谢大家的帮助。 我真是个老头。
如果您希望在web api核心端启用CORS,请按照以下步骤操作 -
首先,在project.json中添加依赖项 - "Microsoft.AspNetCore.Cors": "1.0.0",
然后在startup.cs
启用CORS,如下所示 -
app.UseCors(builder => {
builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();
});
如果您想限制特定原产地,那么您可以这样做 -
app.UseCors(builder => builder.WithOrigins("example.com"));
您可以在此处找到有关CORS的更多信息
看看这是否有帮助。
在您的Configure方法中,您忘记允许任何方法,因此POST请求失败。 您的Configure方法应如下所示:
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
..
app.UseCors(builder =>
builder.WithOrigins("https://localhost:44352/")
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials()
);
..
}
并且您忘记发送凭据,如果您不这样做,并且如果您使用了身份验证cookie或反XHRF,则不会发送它们:
var request = $http({
method: "post",
url: serviceBase + "api/token",
data:
{
username: "DemoUser",
password: "Password"
},
withCredentials: true
}
});
你必须把这些:
headers: {
'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8',
'Access-Control-Allow-Origin':'*',
'Access-Control-Allow-Methods': 'GET, POST'
}
在服务器响应中,不是客户端请求
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.