标题错误中没有“Access-Control-Allow-Origin”

时间:2018-04-09 14:45:31

标签: asp.net-core cors

我正在使用带有asp.net核心后端的Angular 2应用程序。我正在尝试打印pdf(下面的客户端代码)。当我在我们的开发服务器上运行时,一切正常;然而,我正在进行生产

  

无法加载api_url:请求的资源上没有“Access-Control-Allow-Origin”标头。因此,不允许访问原始网址。

我见过的所有内容都提到了一些关于CORS策略的内容,但我不明白这在一台服务器上是如何正常工作的,而在另一台服务器上却没有。此外,它似乎在访问其他API端点时检索正常。

客户端api电话:

getPDF(pickupId: string): void {
    this.printingSub.next(true);
    this._http.get(this._dataUrl + 'pickupsheet?pickupid=' + pickupId + '&barcode=true', { responseType: ResponseContentType.Blob })
        .catch(error => this.handleError(error))
        .subscribe((response: Response) => {
            this.pdfBlob = new Blob([response.blob()], { type: 'application/pdf' });
            const blobUrl = URL.createObjectURL(this.pdfBlob);
            const iframe = document.createElement('iframe');
            iframe.style.display = 'none';
            iframe.src = blobUrl;
            document.body.appendChild(iframe);
            iframe.contentWindow.print();
            this.printingSub.next(false);
        });
}

Startup.cs

public class Startup
{
    public IConfiguration Configuration { get; }
    public IConfigurationSection AppSettings { get; }

    public Startup(IHostingEnvironment env)
    {
        var builder = new ConfigurationBuilder()
            .SetBasePath(env.ContentRootPath)
            .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
            .AddJsonFile(@"appsettings.{env.EnvironmentName}.json", optional: true, reloadOnChange: true)
            .AddEnvironmentVariables();
        Configuration = builder.Build();
        AppSettings = Configuration.GetSection("appSettings");
    }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        ConfigureDatabase();
        ConfigurePolicies(services);

        services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
        services.AddOptions();
        services.Configure<AppAccessSettings>(s =>
        {
            s.Env = AppSettings.GetSection("env").Value;
            s.EnableAuth = bool.Parse(AppSettings.GetSection("enableAuth").Value);
        });

        services.AddMvc().AddJsonOptions(options =>
            options.SerializerSettings.ContractResolver = new Newtonsoft.Json.Serialization.DefaultContractResolver()
        );
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        // Configure JWT authentication
        Authentication.SetVarFromFile(AppSettings.GetSection("authFile").Value);
        Authentication.SetAuth(ref app, AppSettings.GetSection("audience").Value);
        app.UseCors("CorsPolicy");
        app.UseMvc();
    }

    private void ConfigureDatabase()
    {
        string dbSource = AppSettings.GetSection("env").Value;
        OracleEnv.Connection = Configuration.GetSection("connectionStrings").GetSection(dbSource).Value;
    }

    private void ConfigurePolicies(IServiceCollection services)
    {
        services.AddCors(options =>
        {
            options.AddPolicy("CorsPolicy",
                builder => builder.AllowAnyOrigin()
                .AllowAnyMethod()
                .AllowAnyHeader()
                .AllowCredentials());
        });

        services.AddAuthorization(options =>
        {
            options.AddPolicy("EnableAuth",
                policy => policy.Requirements.Add(new AuthRequirement(Configuration)));
        });

        services.AddSingleton<IAuthorizationHandler, UserAuthHandler>();
    }
}

private void ConfigurePolicies(IServiceCollection services)
    {
        services.AddCors(options =>
        {
            options.AddPolicy("CorsPolicy",
                builder => builder.AllowAnyOrigin()
                .AllowAnyMethod()
                .AllowAnyHeader()
                .AllowCredentials());
        });

        services.AddAuthorization(options =>
        {
            options.AddPolicy("EnableAuth",
                policy => policy.Requirements.Add(new AuthRequirement(Configuration)));
        });

        services.AddSingleton<IAuthorizationHandler, UserAuthHandler>();
    }

皮卡表API方法

[Route("PickupSheet")]
    public IActionResult GetPickupSheet(string pickupId, bool barCode)
    {
        PbReportGenerator rpt = new PbReportGenerator();
        byte[] report = rpt.RetrievePDFReport(232, new Dictionary<string, string>
        {
            { pickupId, "string" },
            { (barCode ? 1 : 0).ToString(), "int" }
        });

        var stream = new MemoryStream(report);
        var response = File(stream, "application/pdf", String.Format("Report232_{0}.pdf", pickupId)); 

        return response;
    }

1 个答案:

答案 0 :(得分:0)

您需要为每个请求设置withCredentials

this._http.get(URL, { responseType: ResponseContentType.Blob, withCredentials: true })