有数百万篇文章和问题与此问题相关,但我找不到我的代码有什么问题。我有Startup
, StartupProduction
, and StartupDevelopment
如下。另外,我正在使用ASP.Net Core 5
,并基于文档 https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-5.0#enable-cors-with-endpoint-routing我认为我这样做是正确的。
仅供参考,起初,我使用AllowAnyOrigin
用于开发,但我也测试.WithOrigins("http://localhost:3000")
而且效果很好。我的后端运行在https://localhost:44353
正在开发和正在开发中https://api.example.com
在生产中。
public class Startup
{
protected const string CorsPolicyName = "CorsPolicyName";
public virtual void ConfigureServices(IServiceCollection services)
{
services.AddControllers()
.AddJsonOptions(options =>
{
options.JsonSerializerOptions.Converters.Add(
new System.Text.Json.Serialization.JsonStringEnumConverter());
});
services.AddABunchOfOtherServices();
}
public virtual void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseCors(CorsPolicyName);
app.UseAuthentication();
app.UseAuthorization();
app.UseMiddleware<CheckUserConfirmedMiddleware>();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute
(
name: "default",
pattern: "{controller=Home}/{action=Index}/{id?}"
)
.RequireCors(CorsPolicyName);
});
}
}
public class StartupProduction : Startup
{
public override void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy(
CorsPolicyName,
policy => policy
.WithOrigins("https://example.com", "http://example.com")
//.WithOrigins(Configuration.GetValue<string>("AllowedHosts").Split(';').ToArray())
.AllowAnyMethod()
.AllowAnyHeader());
});
base.ConfigureServices(services);
}
public override void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseMiddleware(typeof(ErrorHandlingMiddleware));
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
base.Configure(app, env);
}
}
public class StartupDevelopment : Startup
{
public override void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
options.AddPolicy(
CorsPolicyName,
policy =>
policy
//.AllowAnyOrigin()
.WithOrigins("http://localhost:3000")
.AllowAnyMethod()
.AllowAnyHeader()
)
);
base.ConfigureServices(services);
services.AddSwaggerGen(....);
}
public override void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseMiddleware<DevelopmentErrorHandlingMiddleware>();
base.Configure(app, env);
app.UseSwagger();
app.UseSwaggerUI(options =>
{
options.SwaggerEndpoint("swagger/v1/swagger.json", "API v1");
options.RoutePrefix = string.Empty;
});
}
}
我也尝试过默认策略 https://learn.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-5.0#cors-with-default-policy-and-middleware.
Update
我已经设置了Environment
to Production
在 Visual Studio 中对其进行调试,现在我在开发中面临同样的问题。
从源“http://localhost:3000”获取“https://localhost:44353/api/v1/User”的访问已被 CORS 策略阻止:对预检请求的响应未通过访问控制检查:否请求的资源上存在“Access-Control-Allow-Origin”标头。如果不透明响应满足您的需求,请将请求模式设置为“no-cors”以在禁用 CORS 的情况下获取资源。
解决方案
我注意到是 IIS 阻止了该请求。它仅在我有时才有效"AllowedHosts": "*",
in my appsettings.json
。因此,作为解决方法,我添加了"MyRandomKey": "https://example.com",
in my appsettings.json
并在我的中使用以下内容Startup
.
services.AddCors(options =>
options.AddPolicy(
CorsPolicyName,
policy =>
policy
.WithOrigins(Configuration.GetValue<string>("MyRandomKey").Split(";").ToArray())
.AllowAnyMethod()
.AllowAnyHeader()
)
);