asp.net核心2.1跨组织策略。当添加为CORS时,只有单个网址有效

时间:2019-03-27 09:39:20

标签: c# .net-core cors asp.net-core-2.1

我正在尝试添加多个RUL,应该将其列入CORS的白名单。

问题仅是单个url工作。我的代码如下

public class StartupShutdownHandler
{
    private static readonly log4net.ILog Logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
    private const string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
    public StartupShutdownHandler(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }
    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
        services.AddMvc(options => { options.RespectBrowserAcceptHeader = true; }).AddXmlSerializerFormatters().AddXmlDataContractSerializerFormatters();

        CorsRelatedPolicyAddition(services);
    }
    private void CorsRelatedPolicyAddition(IServiceCollection services)
    {
/*        var lstofCors = ConfigurationHandler.GetSection<List<string>>(StringConstants.AppSettingsKeys.CORSWhitelistedURL);
*/
var lstofCors = new  List<string> {"url1", "url2"}

        if (lstofCors != null && lstofCors.Count > 0 && lstofCors.Any(h => !string.IsNullOrWhiteSpace(h)))
        {
            services.AddCors(options =>
            {
                //https://stackoverflow.com/questions/43985620/asp-net-core-use-multiple-cors-policies
                foreach (var entry in lstofCors.FindAll(h => !string.IsNullOrWhiteSpace(h)))
                {
                    options.AddPolicy(MyAllowSpecificOrigins, builder => { builder.WithOrigins(entry); });
                }
            });
        }            
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, IApplicationLifetime applicationLifetime)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseCors(MyAllowSpecificOrigins);

        // CheckAndEnableDetailLogs(app);
        app.UseMvc();                    
    }       
}

1 个答案:

答案 0 :(得分:1)

您将覆盖阵列中每个条目的选项。

只需将条目添加为字符串数组即可。 

    var lstofCors = new  string[] {"url1", "url2"};
    services.AddCors(options =>
        {
           options.AddPolicy(MyAllowSpecificOrigins, builder => { builder.WithOrigins(lstofCors.ToArray()).AllowAnyMethod(); });
        });
}

编辑: 我添加了AllowAnyMethod(),看起来只有get方法可以正常工作

相关问题
最新问题