.NETCore2.1中的CORS-没有返回用于简单配置的头
我基本上遵循了这个文档:试图在我的项目中正确地设置它,但到目前为止还没有缺少。我想我尝试了每一种组合,包括中间人和服务、改变订单等 当使用postman进行测试时,在对API端点进行POST调用时,我看不到任何与CORS相关的头 正在使用API并在.NETCore2.1中的CORS-没有返回用于简单配置的头,.net,asp.net-core,cors,.net-core,asp.net-core-mvc,.net,Asp.net Core,Cors,.net Core,Asp.net Core Mvc,我基本上遵循了这个文档:试图在我的项目中正确地设置它,但到目前为止还没有缺少。我想我尝试了每一种组合,包括中间人和服务、改变订单等 当使用postman进行测试时,在对API端点进行POST调用时,我看不到任何与CORS相关的头 正在使用API并在http:/localhost:3000上运行的我的应用程序在尝试对API端点进行POST调用时出现CORS错误 这是我的整个Startup.cs课程: public class Startup { public Startup(IHostin
http:/localhost:3000
上运行的我的应用程序在尝试对API端点进行POST调用时出现CORS错误
这是我的整个Startup.cs
课程:
public class Startup
{
public Startup(IHostingEnvironment hostingEnvironment, IConfiguration configuration)
{
HostingEnvironment = hostingEnvironment;
Configuration = configuration;
}
public IConfiguration Configuration { get; }
public IHostingEnvironment HostingEnvironment { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddInjectionByAttribute();
services.AddDbContext<MoneyTrackigContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));
services.AddDbContext<UserContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("UserDbConnection")));
services.AddIdentity<IdentityUser, IdentityRole>(o =>
{
o.Password.RequireDigit = false;
o.Password.RequiredLength = 6;
o.Password.RequireLowercase = false;
o.Password.RequireNonAlphanumeric = false;
o.Password.RequireUppercase = false;
})
.AddEntityFrameworkStores<UserContext>()
.AddDefaultTokenProviders();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); // => remove default claims
services.AddAuthentication(o =>
{
o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(cfg =>
{
cfg.RequireHttpsMetadata = HostingEnvironment.IsDevelopment();
cfg.SaveToken = true;
cfg.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = Configuration.GetSection("JwtOptions")["JwtIssuer"],
ValidAudience = Configuration.GetSection("JwtOptions")["JwtIssuer"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration.GetSection("JwtOptions")["JwtKey"])),
ClockSkew = TimeSpan.Zero // remove delay of token when expire
};
});
services.AddAuthorization(o =>
{
o.AddPolicy(Policy.DefaultUser, policy => policy.RequireClaim(ClaimName.User));
});
services.AddAutoMapper();
services.AddCors();
services.AddMvc();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAuthentication();
app.UseCors(b => b.WithOrigins("http:/localhost:3000").AllowAnyHeader().AllowAnyMethod());
app.UseMvc();
}
}
公共类启动
{
公共启动(IHostingEnvironment hostingEnvironment、IConfiguration配置)
{
HostingEnvironment=HostingEnvironment;
配置=配置;
}
公共IConfiguration配置{get;}
公共IHostingEnvironment主机环境{get;}
//此方法由运行时调用。请使用此方法将服务添加到容器中。
public void配置服务(IServiceCollection服务)
{
services.AddInjectionByAttribute();
services.AddDbContext(选项=>
options.UseSqlServer(Configuration.GetConnectionString(“DefaultConnection”));
services.AddDbContext(选项=>
options.UseSqlServer(Configuration.GetConnectionString(“UserDbConnection”));
服务。附加性(o=>
{
o、 Password.RequireDigit=false;
o、 Password.RequiredLength=6;
o、 Password.RequireLowercase=false;
o、 Password.RequireNonAlphanumeric=false;
o、 Password.RequireUppercase=false;
})
.AddEntityFrameworkStores()
.AddDefaultTokenProviders();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();//=>删除默认声明
services.AddAuthentication(o=>
{
o、 DefaultAuthenticateScheme=JwtBearerDefaults.AuthenticationScheme;
o、 DefaultScheme=JwtBearerDefaults.AuthenticationScheme;
o、 DefaultChallengeScheme=JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(cfg=>
{
cfg.RequireHttpsMetadata=HostingEnvironment.IsDevelopment();
cfg.SaveToken=true;
cfg.TokenValidationParameters=新的TokenValidationParameters
{
ValidIssuer=Configuration.GetSection(“JwtOptions”)[“JwtIssuer”],
validudience=Configuration.GetSection(“JwtOptions”)[“JwtIssuer”],
IssuerSigningKey=new-SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration.GetSection(“JwtOptions”)[“JwtKey”]),
ClockSkew=TimeSpan.Zero//在令牌过期时删除其延迟
};
});
services.AddAuthorization(o=>
{
o、 AddPolicy(Policy.DefaultUser,Policy=>Policy.requirecarel(ClaimName.User));
});
services.AddAutoMapper();
services.AddCors();
services.AddMvc();
}
//此方法由运行时调用。请使用此方法配置HTTP请求管道。
公共无效配置(IApplicationBuilder应用程序,IHostingEnvironment环境)
{
if(env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAuthentication();
app.UseCors(b=>b.WithOrigins(“http:/localhost:3000”).AllowAnyHeader().AllowAnyMethod());
app.UseMvc();
}
}
我错过了什么明显的东西吗?你知道是什么导致了这个问题吗。整个过程看起来非常简单,但却被卡住了。您需要在Postman中添加一个Origin头以获得相应的响应 找到了原因。 .NET CORE不会附加CORS标头,以防出现应用程序异常和请求wansn未正确处理。所以API返回500而没有CORS头,浏览器将其处理为CORS错误,而不是API错误,这就是我误用它的原因。
问题中发布的配置运行良好仅对于遇到此问题的任何人,在设置原点的“b.WithOrigins”中的协议中缺少斜杠。