Cordova Web API 2的Cors错误

时间:2016-02-01 15:31:03

标签: cordova cors

一切都很好,几天前,我的应用程序崩溃了。我不知道为什么会这样。我收到了错误

  

XMLHttpRequest无法加载http://localhost:57859/token。没有   请求中存在“Access-Control-Allow-Origin”标头   资源。因此不允许来源“http://localhost:4400”   访问。

所以我改变了服务http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {

     // Web API configuration and services
     config.EnableCors();

和控制器

[EnableCors(origins: "*", headers: "*", methods: "*")]

我收到新错误

  

'Access-Control-Allow-Origin'中不能使用通配符'*'   凭证标志为true时的标头。起源   因此,“http://localhost:4400”不允许访问。

如何在我的项目中禁用corse?安全吗?我听说过cordova自动禁用corse

我的代码是

    $.ajax({
        async: false,
        type: "POST",
        xhrFields: {
           withCredentials: true
        },
        crossDomain: true,
        dataType: "json",
        xhrFields: {
           withCredentials: true
        },
        url: "http://localhost:57859/token",//Clouda.Settings.signInUrl
        dataType: "json",
        data: "grant_type=password&username=mario&password=gitara",//"grant_type=password&username="+login+"&password="+password,
        success: function (data, textStatus, jqXHR) {
            if (data['succes'] === true) {
            }
            //tworzenie sesji
            var today = new Date();
            var expirationDate = new Date();
            expirationDate.setTime(today.getTime() + Clouda.Settings.sesstionTimeoutInMSec);
            Clouda.Session.getInstance().set({
                userProfileModel: data['token_type'],
                sessionId: data['access_token'],
               expirationDate: expirationDate,
               keepSignedIn: me.$chkKeepSignedIn.is(":checked")
            });
            $.mobile.navigate(me.bookingsPageId);
            return;
        },
        error: function (xhr, ajaxOptions, thrownError) {
           alert(JSON.stringify(xhr));
           alert(thrownError);
        }
    });

和授权服务器

using System; using Microsoft.Owin; using Microsoft.Owin.Security.OAuth; using Owin; using Clouda.Provider; using Microsoft.AspNet.Identity; using Microsoft.AspNet.Identity.EntityFramework; using Microsoft.AspNet.Identity.Owin; using Clouda.Models; using System.Web.Http.Cors;

[assembly: OwinStartup(typeof(Clouda.Startup))]

namespace Clouda {    [EnableCors(origins: "*", headers: "*", methods: "*")]    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
         app.CreatePerOwinContext<cloudAEntities>(() => new cloudAEntities()); 
         app.CreatePerOwinContext<UserManager<IdentityUser>>(CreateManager);  

         //token generation
         app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
         {
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(60),
            Provider = new SimpleAuthorrizationServerProvider()
         });
         // Token Generation
         app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
         //app.UseWebApi(WebApiConfig.Register());
        }

        private static UserManager<IdentityUser> CreateManager(IdentityFactoryOptions<UserManager<IdentityUser>> options, IOwinContext context)
        {
            var userStore = new UserStore<IdentityUser>(context.Get<cloudAEntities>());
            var manager = new UserManager<IdentityUser>(userStore);
            return manager;
        }
    } }

0 个答案:

没有答案