问题描述
我正在.NET Core 3.1 Web应用程序中设置CORS策略,但出现错误提示
Access to XMLHttpRequest at 'http://10.10.100.60/api/api/values/getmyorders?toOrder=false&uId=8c3d745b-78b7-47ed-ac93-310fe61b8daf' from origin 'http://10.10.100.66:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
我以前从未遇到过此飞行前错误。
这就是我的Startup
的样子
public void ConfigureServices(IServiceCollection services)
{
//code shortened for brevity
services.AddCors();
}
public void Configure(IApplicationBuilder app,IHostingEnvironment env,ILoggerFactory loggerFactory)
{
loggerFactory.AddProvider(new Log4NetProvider("log4net.config",true));
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
// The default HSTS value is 30 days. You may want to change this for production scenarios,see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseCors(x => x
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc();
}
我也尝试过使用其他CORS方法,例如具有命名策略和中间件以及默认策略的CORS,但是我仍然遇到相同的预检错误。关于如何进行的任何建议?
解决方法
这是几个小时后为我工作的。
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("AllowAllHeaders",builder =>
{
builder.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod();
});
});
}
public void Configure(IApplicationBuilder app,IHostingEnvironment env,ILoggerFactory loggerFactory)
{
app.UseCors("AllowAllHeaders");
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc();
}
我现在仅使用AllowAnyOrigin()
,AllowAnyHeader()
和AllowAnyMethod()
。我认为AllowCredentials()
存在问题。希望这个答案对将来的人有所帮助。