我通过安装必要的nuget包并在我的web api配置类中调用config.EnableCors()
,为我的REST API(使用ASP.NET Web API技术开发)启用了跨源资源共享(CORS)。
当我尝试从localhost上的另一个普通html站点对我的localhost上运行的应用程序进行跨站点调用时,这种奇异的变化似乎也有效。由于单一来源限制,之前失败了。
现在已将此更新部署到生产测试环境,似乎无法正常工作。几乎把我所有的头发拉出来寻找解决方案。也许有人可以帮我识别我错过的东西。
答案 0 :(得分:0)
您是否使用EnableCors
属性标记了控制器?
e.g。来自Enabling Cross-Origin Requests in ASP.NET Web API 2
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Cors;
namespace WebService.Controllers
{
[EnableCors(origins: "http://mywebclient.azurewebsites.net", headers: "*", methods: "*")]
public class TestController : ApiController
{
// Controller methods not shown...
}
}
答案 1 :(得分:0)
我有同样的问题。
使用此工具进行调查:
https://www.test-cors.org/#?client_method=GET&client_credentials=true&client_headers=X-Api-Version%3A%202.0&server_url=http%3A%2F%2Falfa.jobit.io&server_enable=true&server_status=200&server_credentials=true&server_methods=POST%2C%20GET%2C%20OPTIONS&server_headers=X-Api-Version&server_tabs=local
还没有解决方案!
已发送选项,但没有实际请求。这是Wireshark中的样子:
我花了50多个小时来学习有关CROSS的知识。直到我意识到本地主机的行为有所不同。
一旦添加自定义标头(在本例中为api版本),就会使用Preflight 。 在本地主机和生产环境中,prelight成功返回。我仍在调查中,解决后将完成此答案。
这是我与在localhost上运行的服务器成功交叉的标头:
############ Request Headers (OPTIONS) ############
=== Request Details ===
Access-Control-Request-Method: GET
Origin: http://alfa.example.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.20 Safari/537.36
Access-Control-Request-Headers: api-version
Accept: */*
############ Response Headers (Get) ############
=== Request Details ===
Connetion: Close
Date: Mon, 29 Oct 2018 19:50:40 GMT
Content-Type: application/json
Server: Kestrel
Transfer-Encoding: identity
Content-Encoding: identity
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: api-version, Accept-Encoding, Accept-Language, User-Agent, Host, Connection, Authorization, timezone, X-CSRF-Token, Origin, X-Requested-With, Accept, Content-Type, Accept-Version, Content-Length, Content-MD5, Date, X-Api-Version, X-File-Name
Access-Control-Allow-Methods: POST, GET, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Origin: http://alfa.example.io
Request-Context: appId=cid-v1:0bdcbef4-4877-4790-bf3a-93aa6498f4df
############ Request Headers (GET) ############
=== Request Details ===
Accept: application/json, text/plain, */*
Origin: http://alfa.example.io
api-version: 2.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.20 Safari/537.36
############ Request Finished (Options) ############
=== Request ===
Method: GET
URL: http://localhost:5000/contacts/register/23
=== XHR Headers ===
Pragma: no-cache
Access-Control-Request-Method: GET
Origin: http://alfa.example.io
Accept-Encoding: gzip, deflate, br
Host: localhost:5000
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.20 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://alfa.example.io/?debug=&invitation=CB89EDA9-C305-464E-99A9-8AA861F44A6F
Connection: keep-alive
Access-Control-Request-Headers: api-version
############ Response Headers (Get) ############
=== Request Details ===
Date: Mon, 29 Oct 2018 19:50:40 GMT
Content-Type: application/json; charset=utf-8
Server: Kestrel
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Expires: -1
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: api-version, Accept-Encoding, Accept-Language, User-Agent, Host, Connection, Authorization, timezone, X-CSRF-Token, Origin, X-Requested-With, Accept, Content-Type, Accept-Version, Content-Length, Content-MD5, Date, X-Api-Version, X-File-Name
Access-Control-Allow-Methods: POST, GET, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Origin: http://alfa.example.io
Request-Context: appId=cid-v1:0bdcbef4-4877-4790-bf3a-93aa6498f4df
Api-Supported-Version: 2.0
############ Request Finished (GET) ############
=== Request ===
Method: GET
URL: http://localhost:5000/contacts/register/23
=== XHR Headers ===
Pragma: no-cache
Origin: http://alfa.example.io
Accept-Encoding: gzip, deflate, br
Host: localhost:5000
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
api-version: 2.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.20 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Referer: http://alfa.example.io/?debug=&invitation=CB89EDA9-C305-464E-99A9-8AA861F44A6F
Cookie: _ga=GA1.1.2021313723.1538951960; __test=1; _gid=GA1.1.1427728347.1540763978
Connection: keep-alive