CORS标头未设置

Question

我似乎无法在我的Web API控制器请求中获得任何CORS标头。

我目前正在使用ASP.net 5 - coreclr，我已经添加了Microsoft.AspNet.Cors 6.0.0-rc1-final

public void ConfigureServices(IServiceCollection services)
{
        services.AddCors(options =>
        {
            options.AddPolicy("AllowAll", builder => builder.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
        });

        services.AddMvc();

        services.AddSingleton<ConnectionMultiplexer>(x => ConnectionMultiplexer.Connect("localhost"));
        services.AddScoped<IDatabase>(x => (x.GetService(typeof(ConnectionMultiplexer)) as ConnectionMultiplexer).GetDatabase());
        services.AddScoped<IFitnessStorage, FitnessStorage>();
        services.AddScoped<IFitnessTrackingService, FitnessTrackingService>();
}


public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        app.UseCors("AllowAll");
        app.UseIISPlatformHandler();
        app.UseStaticFiles();
        app.UseMvc();
}

我的控制器上没有[EnableCors]，因为UseCors应该为每个请求设置它 - AFAIK ..

  HTTP/1.1 200 OK
  Date: Wed, 20 Jan 2016 11:24:36 GMT
  Content-Type: application/json; charset=utf-8
  Server: Kestrel
  Transfer-Encoding: chunked

  GET /api/FitnessTrackGroup HTTP/1.1
  Host: localhost:5000
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
  DNT: 1
  Accept-Encoding: gzip, deflate, sdch
  Accept-Language: da,en-US;q=0.8,en;q=0.6,nb;q=0.4

Answer 1

如果您的请求不包含Origin标头，即同源请求，则CORS中间件实际上是noop。这基本上是在第一步拯救......

Chrome在同源GET请求中不包含Origin标头...请参阅Chrome adding Origin header to same-origin request。