![](/img/trans.png)
[英]“CORS: No 'Access-Control-Allow-Origin' header is present ”, but it is present
[英]No “Access-Control-Allow-Origin” header is present in certain routes at deployment
I've build a frontend with Angular xx that picks up the routes of an existing ASP.NET Web API 1.x-Application.
身份验证以及与后端的通信存在一些问题,因此我在客户端实现了以下拦截器:
凭证的角拦截器:
@Injectable()
export class CredentialsInterceptor implements HttpInterceptor {
intercept(req: HttpRequest<any>, next: HttpHandler):
Observable<HttpEvent<any>> {
req = req.clone({
withCredentials: true
});
return next.handle(req);
}
}
为了处理现有的 CORS 冲突,我修改了 Global.asax,如下所示:
protected void Application_BeginRequest(object sender, EventArgs e)
{
string httpOrigin = HttpContext.Current.Request.Params["HTTP_ORIGIN"] ?? HttpContext.Current.Request.Params["ORIGIN"] ?? "*";
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", httpOrigin);
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Token, withCredentials");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Credentials", "true");
if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
{
HttpContext.Current.Response.StatusCode = 200;
var httpApplication = sender as HttpApplication;
httpApplication.CompleteRequest();
}
}
web.config 像这样:
<system.web>
<authentication mode="Windows" />
<authorization>
<allow verbs="OPTIONS" users="*"/>
<deny users="?"/>
</authorization>
</system.web>
<system.webServer>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
在我的本地计算机上,可以在localhost:80
访问后端(使用 IIS Express),而我将 Angular 应用程序托管在192.168.xxx.xx:80
over Z5DA5ACF461B4EFB27E76EC861065
在这种环境下,一切都运行良好,我没有任何问题。
测试环境是具有 Windows Server 2008 R2 和 IIS 7.5 的服务器。 对于 Deep-Link-Usage URL-Rewriter 2 已安装
在构建后端和前端并部署到上述环境之后,应用程序按预期工作,除了一个大缺陷。
IIS 中的后端地址为 *:80、*:8080 等。
IIS 中的 Frontend-Address 是 Server-IP:80
虽然某些路由按预期工作,但在本地设置中工作的其他一些路由正在产生以下 CORS 问题:
Access to XMLHttpRequest at *route* from origin *origin* has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No "Access-Control-Allow-Origin" header is present on the requested source.
到目前为止,我找不到工作的控制器和不工作的控制器之间有任何区别。
有谁知道这里发生了什么?
这么小的事情,却有这么大的影响。
我忘记将<remove name="OPTIONSVerbHandler" />
添加到web.config
处理程序中。
现在一切都按预期工作。 希望它可以帮助别人。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.