.NET Core 2.0中的CORS" No' Access-Control-Allow-Origin'标头出现在请求的资源上。"

时间:2018-02-06 18:47:00

标签: asp.net asp.net-core cors

我使用Core 2.0创建了一个web api,当启用跨域调用w / cors时,会收到以下错误:" No' Access-Control-Allow-Origin'标头出现在请求的资源上。"

以下是我在startup.cs中的配置:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddLogging();
        services.AddMvc();
        services.AddCors(options =>
        {
            options.AddPolicy("AllowAll",
                builder =>
                {
                    builder
                    .AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowAnyHeader();
                });
        });

        services.Configure<MvcOptions>(options =>
        {
            options.Filters.Add(new CorsAuthorizationFilterFactory("AllowAll"));
        });
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();
        app.UseMvc();
        app.UseCors("AllowAll");    
    }

根据我在stackoverflow上看到的每个帖子/教程,或者在哪里,这是允许所有来源的正确方法。我错过了什么?

2 个答案:

答案 0 :(得分:5)

app.UseCors("AllowAll");之前尝试致电:app.UseMvc();

documentation声明如下:

  

要为整个应用程序启用CORS,请使用UseCors扩展方法将CORS中间件添加到请求管道。请注意,CORS中间件必须先于您应用中要支持跨源请求的任何已定义端点(例如,在任何对UseMvc 的调用之前)。

答案 1 :(得分:3)

我可能错了,但本教程可以帮助你。

https://www.pointblankdevelopment.com.au/blog/113/aspnet-core-20-angular-24-user-registration-and-login-tutorial-example

以下是startup.cs中的配置

public void ConfigureServices(IServiceCollection services)
    {
        services.AddCors();
        services.AddDbContext<DataContext>(x => x.UseInMemoryDatabase("TestDb"));
        services.AddMvc();
        services.AddAutoMapper();

        // configure strongly typed settings objects
        var appSettingsSection = Configuration.GetSection("AppSettings");
        services.Configure<AppSettings>(appSettingsSection);

        // configure jwt authentication
        var appSettings = appSettingsSection.Get<AppSettings>();
        var key = Encoding.ASCII.GetBytes(appSettings.Secret);
        services.AddAuthentication(x =>
        {
            x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(x =>
        {
            x.RequireHttpsMetadata = false;
            x.SaveToken = true;
            x.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(key),
                ValidateIssuer = false,
                ValidateAudience = false
            };
        });

        // configure DI for application services
        services.AddScoped<IUserService, UserService>();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        // global cors policy
        app.UseCors(x => x
            .AllowAnyOrigin()
            .AllowAnyMethod()
            .AllowAnyHeader()
            .AllowCredentials());

        app.UseAuthentication();

        app.UseMvc();
    }
相关问题
最新问题