C# CORS error from one component, but not from the others

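I have an application that is .NET Core 3.1.3 with React 16, and when I call the API in production (Azure/Firebase), I get a CORS error from one specific component.

Across most of the application everything works fine. The base url for all axios calls is set in one file, and all POST requests go through one method of the rootHttp class: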

    addItem(model, data){
      return axios.post(
          this.rootUrl + '/' + model, data, {headers: this.headers}
      );
    }
    //Posts new item to API

All API calls seem to work fine except the POST call from the employee component:

    export function addEmployee(employee, callback){
        employee = prepEmployeeValues(employee);
        return dispatch =>{
            http.addItem("employee", employee)
                .then(addedEmployee =>{
                    dispatch(addEmployeeToState(addedEmployee.data));
                    callback();
                });
        }
    }
    //Posts new employee to API

This triggers the following two errors:

Access to XMLHttpRequest at 'https://procmanagement.azurewebsites.net/api/3/employee' 
    from origin 'https://scheduleanddirection.firebaseapp.com' 
    has been blocked by CORS policy: No 'Access-Control-Allow-Origin' 
    header is present on the requested resource.

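The request headers are identical to those of successful POST calls from any other component. It is worth noting that the GET from the Employee component returns an empty array, when it should initially return an array containing 1 Employee object (the owner), which is added when the account is registered (this works on the dev server).

The backend should receive the POST for the employee here: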

        [HttpPost]
        public async Task<IActionResult> AddEmployee(int userId, EmployeeForCreationDto employeeForCreation)
        {
            EmployeeIdIncrement employeeIdIncrement = await _repo.GetEmployeeIdForIncrement(userId);
            employeeIdIncrement.employeeId = employeeIdIncrement.employeeId + 1;

            var creator = await _userRepo.GetUser(userId);

            if (creator.Id != int.Parse(User.FindFirst(ClaimTypes.NameIdentifier).Value))
                return Unauthorized();

            var employee = _mapper.Map<Employee>(employeeForCreation);

            employee.User = creator;

            employee.EmployeeId = employeeIdIncrement.employeeId;

            _repo.Add(employee);

            if (await _repo.SaveAll())
            {
                var employeeToReturn = _mapper.Map<EmployeeForReturnDto>(employee);
                return CreatedAtRoute("GetEmployee", new {employeeId = employee.EmployeeId, userId = userId }, employeeToReturn);
            }

            throw new Exception("Creation of Employee failed on save");

        }

Received by:

        [HttpPost]
        public async Task<IActionResult> AddDepartment(int userId, DepartmentForCreationDto departmentForCreation)
        {
            var creator = await _userRepo.GetUser(userId);

            if (creator.Id != int.Parse(User.FindFirst(ClaimTypes.NameIdentifier).Value))
                return Unauthorized();

            var department = _mapper.Map<Department>(departmentForCreation);

            department.User = creator;

            _repo.Add(department);

            if (await _repo.SaveAll())
            {
                var jobToReturn = _mapper.Map<DepartmentForCreationDto>(department);
                return CreatedAtRoute("GetDepartment", new {deptName = department.DeptName, userId = userId }, jobToReturn);
            }

            throw new Exception("Creation of Department failed on save");

        }

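So after a lot of deliberation, I found that it was not in fact a CORS issue that was giving me that error.

I checked the API with Postman and found that an internal server error was occurring. I then connected my dev server API to the production database, where I found that the problem lay in how MS SQL Server works compared with SQLite.

The dev server uses SQLite. MS SQL Server had two problems with things that SQLite accepted:

  • Updating multiple pieces of data at once without explicit permission. This was solved by adding "MultipleActiveResultSets=True" to my connection string.

  • Explicitly defining the primary key for items that use a single primary key (as opposed to a composite key). This was solved by removing the EmployeeIdForIncrement model entirely and adding EmployeeIdForIncrement as a property of the User model.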
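
The finding above, as an added example that is not code from the original post: a simplified model of the browser's CORS response check, run on two constructed responses, showing why a 500 that carries no `Access-Control-Allow-Origin` header is reported as a CORS error. The `corsCheck` and `diagnose` names and both response objects are assumptions made for illustration.

```javascript
// Added example: simplified model of the browser's CORS check on a response.
// The sample responses are constructed to mirror the two cases on this page.
function corsCheck(origin, response, withCredentials) {
  const headers = {};
  for (const [k, v] of Object.entries(response.headers)) headers[k.toLowerCase()] = v;
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { allowed: false, reason: "No 'Access-Control-Allow-Origin' header is present" };
  }
  if (allowOrigin === '*') {
    // A wildcard is rejected when the request was sent with credentials.
    return withCredentials
      ? { allowed: false, reason: 'Wildcard origin is not allowed with credentials' }
      : { allowed: true, reason: 'ok' };
  }
  if (allowOrigin !== origin) {
    return { allowed: false, reason: 'Allowed origin does not match the request origin' };
  }
  if (withCredentials && headers['access-control-allow-credentials'] !== 'true') {
    return { allowed: false, reason: "'Access-Control-Allow-Credentials' is not 'true'" };
  }
  return { allowed: true, reason: 'ok' };
}

// What page script can observe, and where to look next when the check fails.
// The status code is only visible to a non-browser client or in server logs.
function diagnose(origin, response, withCredentials = false) {
  const check = corsCheck(origin, response, withCredentials);
  if (check.allowed) return { scriptSees: response.status, hint: 'none' };
  const hint = response.status >= 500
    ? 'server error hidden behind the CORS failure: inspect server logs'
    : 'CORS policy mismatch: inspect the server CORS configuration';
  return { scriptSees: 'network error', consoleMessage: check.reason, hint };
}

const ORIGIN = 'https://scheduleanddirection.firebaseapp.com';
// Constructed: a successful POST that carries the CORS header.
const departmentPost = { status: 201, headers: { 'Access-Control-Allow-Origin': ORIGIN } };
// Constructed: an error response that carries no CORS header.
const employeePost = { status: 500, headers: { 'Content-Type': 'text/html' } };

console.log(diagnose(ORIGIN, departmentPost));
console.log(diagnose(ORIGIN, employeePost));
```
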


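  • Not all requests require CORS; some (such as GET) are "simple". See, e.g.

  • PUTs from other components succeed though, with the same origin url in the request headers and the same token passed.

  • Please give the two most similar requests that behave differently, then show the server's CORS configuration.

  • This will be hard to reproduce, since it only happens in production, but if you look above you will see the addEmployee function, an action that uses the addItem helper method above it and is received by the AddEmployee controller method, but fails with the error shown. The addDepartment function, which uses the same addItem helper method, succeeds and is received by the AddDepartment controller method. I have added the CORS policy at the bottom.
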
    export function addDepartment(department, callback){
        department = prepDepartmentValues(department);
        return dispatch =>{
            http.addItem("department", department)
                .then(addedDepartment =>{
                    dispatch(addDepartmentToState(addedDepartment.data));
                    callback();
                });
        }
    }
    //Posts new department to API
    
                services.AddCors(options =>
                {
                    options.AddPolicy("ProdCors",
                        builder =>
                        {
                            builder.WithOrigins("https://scheduleanddirection.firebaseapp.com", "https://scheduleanddirection.web.app")
                                .AllowAnyMethod()
                                .AllowAnyHeader()
                                .AllowCredentials();
                        }
                    );
                });