.NET Core 2.0中的CORS“请求的资源上没有'Access-Control-Allow-Origin'标头。”

Question

我使用Core 2.0创建了一个web api，并且在执行跨域调用时启用了cors，接收到以下错误：“请求的资源上没有'Access-Control-Allow-Origin'标头。”

以下是我在startup.cs中的配置：

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddLogging();
        services.AddMvc();
        services.AddCors(options =>
        {
            options.AddPolicy("AllowAll",
                builder =>
                {
                    builder
                    .AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowAnyHeader();
                });
        });

        services.Configure<MvcOptions>(options =>
        {
            options.Filters.Add(new CorsAuthorizationFilterFactory("AllowAll"));
        });
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();
        app.UseMvc();
        app.UseCors("AllowAll");    
    }

根据我在stackoverflow上看到的每个帖子/教程，或者在哪里，这是允许所有来源的正确方法。 我错过了什么？

Answer 1

尝试调用： app.UseCors("AllowAll"); 在app.UseMvc();之前app.UseMvc(); 。

文档说明如下：

要为整个应用程序启用CORS，请使用UseCors扩展方法将CORS中间件添加到请求管道。 请注意，CORS中间件必须位于应用程序中要支持跨源请求的任何已定义端点之前 （例如， 在调用UseMvc之前 ）。

Answer 2

我可能错了，但本教程应该可以帮到你。

https://www.pointblankdevelopment.com.au/blog/113/aspnet-core-20-angular-24-user-registration-and-login-tutorial-example

以下是startup.cs中的配置

public void ConfigureServices(IServiceCollection services)
    {
        services.AddCors();
        services.AddDbContext<DataContext>(x => x.UseInMemoryDatabase("TestDb"));
        services.AddMvc();
        services.AddAutoMapper();

        // configure strongly typed settings objects
        var appSettingsSection = Configuration.GetSection("AppSettings");
        services.Configure<AppSettings>(appSettingsSection);

        // configure jwt authentication
        var appSettings = appSettingsSection.Get<AppSettings>();
        var key = Encoding.ASCII.GetBytes(appSettings.Secret);
        services.AddAuthentication(x =>
        {
            x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(x =>
        {
            x.RequireHttpsMetadata = false;
            x.SaveToken = true;
            x.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(key),
                ValidateIssuer = false,
                ValidateAudience = false
            };
        });

        // configure DI for application services
        services.AddScoped<IUserService, UserService>();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        // global cors policy
        app.UseCors(x => x
            .AllowAnyOrigin()
            .AllowAnyMethod()
            .AllowAnyHeader()
            .AllowCredentials());

        app.UseAuthentication();

        app.UseMvc();
    }