在 Asp Core 项目中启用 CORS 的问题
Problems Enabling CORS in Aps Core project
各位!
我正在努力在 Asp.Core 项目中配置 CORS。
这是我的 Startup.cs 文件:
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Mvc.Cors.Internal;
namespace Api
{
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddMvcCore()
.AddJsonFormatters()
.AddAuthorization();
services.AddCors(options =>
{
options.AddPolicy("AllowSpecificOrigin",
builder => builder.WithOrigins("http://localhost:54540").AllowAnyHeader().AllowAnyMethod().AllowCredentials());
}
);
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new CorsAuthorizationFilterFactory("AllowSpecificOrigin"));
});
}
public void Configure(IApplicationBuilder app)
{
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
{
Authority = "http://localhost:54540",
RequireHttpsMetadata = false,
ScopeName = "api1",
AutomaticAuthenticate = true
});
app.UseMvc();
app.UseCors("AllowSpecificOrigin");
}
}
}
这是我的要求:
$.ajax({
type: "GET",
url: "http://localhost:1773/Claims/",
headers: {
Authorization: "Bearer " + getUrlParameter("access_token"),
},
xhrFields: {
withCredentials: true
}
}).done(function (data) {
alert(data);
});
我收到这样的回复:
XMLHttpRequest cannot load http://localhost:1773/Claims/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:54540' is therefore not allowed access. The response had HTTP status code 500.
我在我的控制器中添加了 [EnableCors("AllowSpecificOrigin")]。
如果有人能帮助我,我将不胜感激。
如果您在 CORS 中间件之前添加 MVC/IdentityServer 中间件,它将无法工作,因为 IdentityServer 中间件(假设 /Claims 由它处理)将处理请求并且不会调用后面的 MVC 和 CORS 中间件.
各位!
我正在努力在 Asp.Core 项目中配置 CORS。
这是我的 Startup.cs 文件:
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Mvc.Cors.Internal;
namespace Api
{
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddMvcCore()
.AddJsonFormatters()
.AddAuthorization();
services.AddCors(options =>
{
options.AddPolicy("AllowSpecificOrigin",
builder => builder.WithOrigins("http://localhost:54540").AllowAnyHeader().AllowAnyMethod().AllowCredentials());
}
);
services.Configure<MvcOptions>(options =>
{
options.Filters.Add(new CorsAuthorizationFilterFactory("AllowSpecificOrigin"));
});
}
public void Configure(IApplicationBuilder app)
{
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
{
Authority = "http://localhost:54540",
RequireHttpsMetadata = false,
ScopeName = "api1",
AutomaticAuthenticate = true
});
app.UseMvc();
app.UseCors("AllowSpecificOrigin");
}
}
}
这是我的要求:
$.ajax({
type: "GET",
url: "http://localhost:1773/Claims/",
headers: {
Authorization: "Bearer " + getUrlParameter("access_token"),
},
xhrFields: {
withCredentials: true
}
}).done(function (data) {
alert(data);
});
我收到这样的回复:
XMLHttpRequest cannot load http://localhost:1773/Claims/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:54540' is therefore not allowed access. The response had HTTP status code 500.
我在我的控制器中添加了 [EnableCors("AllowSpecificOrigin")]。
如果有人能帮助我,我将不胜感激。
如果您在 CORS 中间件之前添加 MVC/IdentityServer 中间件,它将无法工作,因为 IdentityServer 中间件(假设 /Claims 由它处理)将处理请求并且不会调用后面的 MVC 和 CORS 中间件.