CORS works on localhost but not on Production Server

Time: 2015-05-07 18:41:19

Tags: asp.net asp.net-web-api cors

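I enabled Cross-Origin Resource Sharing (CORS) for my REST API (developed with ASP.NET Web API) by installing the necessary NuGet package and calling config.EnableCors() in my Web API configuration class.

This single change also seemed to work when I tried to make a cross-site call to my application running on localhost from another plain HTML site, also on localhost. Before that, it failed because of the single-origin restriction.

I have now deployed this update to the production test environment, and it does not seem to work. I have almost pulled all my hair out looking for a solution. Maybe someone can help me identify what I have missed.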

2 answers:

Answer 0: (score: 0)

Have you marked the controller with the EnableCors attribute?

E.g., from Enabling Cross-Origin Requests in ASP.NET Web API 2:

using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Cors;

namespace WebService.Controllers
{
    [EnableCors(origins: "http://mywebclient.azurewebsites.net", headers: "*", methods: "*")]
    public class TestController : ApiController
    {
        // Controller methods not shown...
    }
}

Answer 1: (score: 0)

I have the same problem.

Use this tool to investigate:

https://www.test-cors.org

https://www.test-cors.org/#?client_method=GET&client_credentials=true&client_headers=X-Api-Version%3A%202.0&server_url=http%3A%2F%2Falfa.jobit.io&server_enable=true&server_status=200&server_credentials=true&server_methods=POST%2C%20GET%2C%20OPTIONS&server_headers=X-Api-Version&server_tabs=local

No solution yet!

The OPTIONS request is sent, but the actual request is not. This is what it looks like in Wireshark:


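I spent more than 50 hours learning about CORS, until I realized that localhost behaves differently.

As soon as a custom header is added (in this case api-version), a preflight is used. On both localhost and production, the preflight returns successfully. I am still investigating and will complete this answer once it is solved.

These are the headers from my successful CORS request to the server running on localhost: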

############ Request Headers (OPTIONS) ############

=== Request Details ===

Access-Control-Request-Method: GET
Origin: http://alfa.example.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.20 Safari/537.36
Access-Control-Request-Headers: api-version
Accept: */*

############ Response Headers (Get) ############

=== Request Details ===

Connetion: Close
Date: Mon, 29 Oct 2018 19:50:40 GMT
Content-Type: application/json
Server: Kestrel
Transfer-Encoding: identity
Content-Encoding: identity
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: api-version, Accept-Encoding, Accept-Language, User-Agent, Host, Connection, Authorization, timezone, X-CSRF-Token, Origin, X-Requested-With, Accept, Content-Type, Accept-Version, Content-Length, Content-MD5, Date, X-Api-Version, X-File-Name
Access-Control-Allow-Methods: POST, GET, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Origin: http://alfa.example.io
Request-Context: appId=cid-v1:0bdcbef4-4877-4790-bf3a-93aa6498f4df

############ Request Headers (GET) ############

=== Request Details ===

Accept: application/json, text/plain, */*
Origin: http://alfa.example.io
api-version: 2.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.20 Safari/537.36

############ Request Finished (Options) ############

=== Request ===

Method: GET
URL:    http://localhost:5000/contacts/register/23

=== XHR Headers ===

Pragma: no-cache
Access-Control-Request-Method: GET
Origin: http://alfa.example.io
Accept-Encoding: gzip, deflate, br
Host: localhost:5000
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.20 Safari/537.36
Accept: */*
Cache-Control: no-cache
Referer: http://alfa.example.io/?debug=&invitation=CB89EDA9-C305-464E-99A9-8AA861F44A6F
Connection: keep-alive
Access-Control-Request-Headers: api-version

############ Response Headers (Get) ############

=== Request Details ===

Date: Mon, 29 Oct 2018 19:50:40 GMT
Content-Type: application/json; charset=utf-8
Server: Kestrel
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Expires: -1
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: api-version, Accept-Encoding, Accept-Language, User-Agent, Host, Connection, Authorization, timezone, X-CSRF-Token, Origin, X-Requested-With, Accept, Content-Type, Accept-Version, Content-Length, Content-MD5, Date, X-Api-Version, X-File-Name
Access-Control-Allow-Methods: POST, GET, PUT, PATCH, DELETE, OPTIONS
Access-Control-Allow-Origin: http://alfa.example.io
Request-Context: appId=cid-v1:0bdcbef4-4877-4790-bf3a-93aa6498f4df
Api-Supported-Version: 2.0

############ Request Finished (GET) ############

=== Request ===

Method: GET
URL:    http://localhost:5000/contacts/register/23

=== XHR Headers ===

Pragma: no-cache
Origin: http://alfa.example.io
Accept-Encoding: gzip, deflate, br
Host: localhost:5000
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
api-version: 2.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.20 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Referer: http://alfa.example.io/?debug=&invitation=CB89EDA9-C305-464E-99A9-8AA861F44A6F
Cookie: _ga=GA1.1.2021313723.1538951960; __test=1; _gid=GA1.1.1427728347.1540763978
Connection: keep-alive
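
The check a browser applies to a preflight response before it sends the actual request, as an added example that is not part of the original answers. The name checkPreflight, the object shapes and the failing brokenResponse are assumptions constructed for illustration; the localhost values are taken from the capture above.

```javascript
// Emulates the browser's CORS-preflight check (Fetch standard) on plain objects.
// Response header names are lower-cased keys. Added example, not the poster's code.
const SAFELISTED_METHODS = ["GET", "HEAD", "POST"];
const list = (v) => (v || "").split(",").map((s) => s.trim()).filter(Boolean);

// req: { origin, method, headers: [non-safelisted header names], credentials }
// res: { status, headers }. Returns the reasons the actual request is blocked.
function checkPreflight(req, res) {
  const problems = [];
  const h = res.headers;
  const wildcardOk = !req.credentials; // "*" is ignored when credentials are sent
  if (res.status < 200 || res.status > 299) problems.push(`status ${res.status} is not 2xx`);
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    problems.push("missing Access-Control-Allow-Origin");
  } else if (allowOrigin !== req.origin && !(allowOrigin === "*" && wildcardOk)) {
    problems.push(`origin ${req.origin} not matched by "${allowOrigin}"`);
  }
  if (req.credentials && h["access-control-allow-credentials"] !== "true") {
    problems.push("Access-Control-Allow-Credentials is not true");
  }
  const methods = list(h["access-control-allow-methods"]);
  if (!SAFELISTED_METHODS.includes(req.method) && !methods.includes(req.method) &&
      !(wildcardOk && methods.includes("*"))) {
    problems.push(`method ${req.method} not allowed`);
  }
  const allowed = list(h["access-control-allow-headers"]).map((s) => s.toLowerCase());
  for (const name of req.headers.map((s) => s.toLowerCase())) {
    // "*" never covers Authorization; it must be listed by name.
    const star = wildcardOk && allowed.includes("*") && name !== "authorization";
    if (!allowed.includes(name) && !star) problems.push(`header ${name} not allowed`);
  }
  return problems;
}

// Request as in the capture above: custom api-version header, cookies sent.
const request = { origin: "http://alfa.example.io", method: "GET",
  headers: ["api-version"], credentials: true };
// Subset of the localhost preflight response shown above.
const localhostResponse = { status: 200, headers: {
  "access-control-allow-origin": "http://alfa.example.io",
  "access-control-allow-credentials": "true",
  "access-control-allow-methods": "POST, GET, PUT, PATCH, DELETE, OPTIONS",
  "access-control-allow-headers": "api-version, Accept, Content-Type, X-Api-Version" } };
// Constructed failing response (not from the page): wildcard origin, header unlisted.
const brokenResponse = { status: 200, headers: {
  "access-control-allow-origin": "*", "access-control-allow-methods": "GET, OPTIONS",
  "access-control-allow-headers": "X-Api-Version" } };
console.log(checkPreflight(request, localhostResponse), checkPreflight(request, brokenResponse));
```

Feeding it the preflight response headers captured from production shows which of these conditions stops the browser after a 200 OPTIONS reply.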