[英]CORS is not working with .NET Core API and Angular frontend
我已经阅读了类似的问题,尝试了其中提到的几个解决方案但没有成功 - 问题很简单,我真的不知道到底是什么地方错了......
我有一个非常简单的 .NET 核心 API,我想在其上设置 CORS。
我试过这种方式(端点路由): https://learn.microsoft.com/en-us/as.net/core/security/cors?view=as.netcore-5.0#enable-cors-with-endpoint-路由
Startup.cs 中的 ConfigureServices() 和 Configure() 方法
完全是默认生成的,只是添加了MSDN的CORS相关代码。
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy(name: "Policy1",
builder =>
{
// I read the site url from appsettings.json but for now I want to keep the example as simple as I can
// var lpSolverFrontendUrl = Configuration.GetValue<string>("Cors:AllowedSite");
builder.WithOrigins("http://localhost:4200").AllowAnyHeader().AllowAnyMethod();
});
});
services.AddControllers();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseCors();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers().RequireCors("Policy1");
});
}
我的 controller class
[Route("[controller]/[action]")]
public class SimplexSolverController : Controller
{
public IActionResult Ping()
{
return Json(new { status = "OK" });
}
[HttpPost]
public IActionResult Solve([FromBody] LPModelDto lpModelDto)
{
bool wrongFormat = false;
string message = null;
SimplexSolutionDto solution = null;
//...
}
//...
}
我已经尝试过的另一种方式(带属性): https://learn.microsoft.com/en-us/as.net/core/security/cors?view=as.netcore-5.0#enable-cors-with-属性
Startup.cs这样
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy(name: "Policy1",
builder =>
{
// I read the site url from appsettings.json but I want to keep the example as simple as I can
// var lpSolverFrontendUrl = Configuration.GetValue<string>("Cors:AllowedSite");
builder.WithOrigins("http://localhost:4200").AllowAnyHeader().AllowAnyMethod();
});
});
services.AddControllers();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseCors();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
我的controller class这样
我将EnableCors属性放在 controller 方法上以在其上启用 CORS。
[Route("[controller]/[action]")]
public class SimplexSolverController : Controller
{
public IActionResult Ping()
{
return Json(new { status = "OK" });
}
[EnableCors("Policy1")]
[HttpPost]
public IActionResult Solve([FromBody] LPModelDto lpModelDto)
{
bool wrongFormat = false;
string message = null;
SimplexSolutionDto solution = null;
//...
}
//...
}
无论我选择哪种方式,我都会在 DevTools 控制台中收到错误消息,例如:从来源“http://localhost:4200”访问“http://localhost:4000/simplexsolver/solve”中的 XMLHttpRequest 已被 CORS 策略阻止: 请求的资源上不存在“Access-Control-Allow-Origin”header。
我完全按照文章所说的进行操作,但没有任何结果......感谢您的帮助!
更新
我终于成功启用了CORS。 可悲的是,我无法在 ConfigureServices 中设置任何类型的策略,因为如果我这样做,Access-Control-Allow-Origin header 将在预检中具有“*”值(不是前端地址)请求的响应。 我使用的方式是:
现在我在 Startup.cs 中的两个方法如下所示:
public void ConfigureServices(IServiceCollection services)
{
services.AddCors();
services.AddControllers();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors(options => options.WithOrigins(Configuration.GetValue<string>("Cors:AllowedSite")).AllowAnyMethod().AllowAnyHeader().AllowCredentials());
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
谢谢你给我的所有答案。 我希望这会在将来帮助某人。 但是我仍然很奇怪将 CORS 与策略一起使用有什么问题。
将您的代码修复为:
app.UseCors("Policy1");
services.AddCors(options =>
{
options.AddPolicy("Policy1",
builder =>
{
.builder.WithOrigins("http://localhost:4200")
.AllowAnyHeader()
.AllowAnyMethod();
});
});
并删除
[EnableCors("Policy1")]
从 controller 动作。
我能够在 .NET Core 3.1 中像这样全局地允许 CORS :
Startup.cs 代码:
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
services.AddCors(options =>
{
options.AddPolicy(name: "AllowCORS", builder =>
{
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
});
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors("AllowCORS");
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
用这个:
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("AllowOrigin", builder =>
builder.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod());
});
//...
}
如果它不起作用,请将 Mvc 兼容版本设置为 3.0 使用
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_3_0);
像这样:
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("AllowOrigin", builder =>
builder.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod());
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_3_0);
//...
}
我需要在配置中更改调用 app.UseCors("CORS_POLICY") 的顺序。
无效:
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.ConfigureMetrics();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseUserContextClaimsInjector();
app.UseGlobalExceptionHandlerMiddleware();
app.UseResponseCompression();
app.UseSwagger();
app.UseSwaggerUI();
app.UseStaticFiles();
app.ConfigureHealthCheck();
app.UseResponseCompression();
app.UseCors("CORS_POLICY");
作品:
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors("CORS_POLICY");
app.ConfigureMetrics();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseUserContextClaimsInjector();
app.UseGlobalExceptionHandlerMiddleware();
app.UseResponseCompression();
app.UseSwagger();
app.UseSwaggerUI();
app.UseStaticFiles();
app.ConfigureHealthCheck();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.