C# CORS:飞行前工作,但主请求失败
我已经用OWIN.Cors设置了C#WebApi 2.2,如下所示:C# CORS:飞行前工作,但主请求失败,c#,angular,asp.net-web-api,asp.net-web-api2,C#,Angular,Asp.net Web Api,Asp.net Web Api2,我已经用OWIN.Cors设置了C#WebApi 2.2,如下所示: public void Configuration(IAppBuilder app) { app.UseCors(CorsOptions.AllowAll); IdentityModelEventSource.ShowPII = true; ServicePointManager.Expect100Continue = true;
public void Configuration(IAppBuilder app)
{
app.UseCors(CorsOptions.AllowAll);
IdentityModelEventSource.ShowPII = true;
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
| SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12
| SecurityProtocolType.Ssl3;
ConfigureAuth(app);
}
并且在Web.config
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
但是Get请求失败并出现错误(请注意,WebApi控制器中的端点甚至没有命中):
控制台日志中的错误:
访问位于的XMLHttpRequest
'https://localhost:44366/General/AppSiteSettings/dev?hostname=localhost'
源于https://localhost:4200'已被CORS策略阻止:
请求的服务器上不存在“Access Control Allow Origin”标头
资源
Chrome网络选项卡中出现错误
跨源资源共享错误:缺少AllowOriginHeader
检查失败的请求时。这就是我发现的:
**Response Headers:**
access-control-expose-headers: Request-Context
cache-control: private
content-length: 40070
content-type: text/html; charset=utf-8
date: Sun, 30 May 2021 05:10:43 GMT
request-context: appId=cid-v1:04c910be-c0d6-4c56-b923-d591b73940c1
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-sourcefiles: =?UTF-8?B?RTpcRHJvcGJveFxTbWFydFRhc2tcQmFja2VuZFxTbWFydFRhc2suQ29yZVxTbWFydFRhc2suV2ViQXBpXEdlbmVyYWxcQXBwU2l0ZVNldHRpbmdzXGRldg==?=
**Request Headers:**
:authority: localhost:44366
:method: GET
:path: /General/AppSiteSettings/dev
:scheme: https
accept: application/json, text/plain, */*
accept-encoding: gzip, deflate, br
accept-language: en,en-GB;q=0.9,en-US;q=0.8
authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjY....
cookie: _ga=GA1.1.1.....
origin: https://localhost:4200
referer: https://localhost:4200/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
sec-ch-ua-mobile: ?0
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
我想确认我的设置是否正常工作,因此我删除了Web.config部分,现在响应也失败了,示例如下:
**Response Headers**
access-control-allow-credentials: true
access-control-allow-headers: authorization
access-control-allow-origin: https://localhost:4200
access-control-expose-headers: Request-Context
content-length: 0
date: Sun, 30 May 2021 05:10:41 GMT
request-context: appId=cid-v1:04c910be-c0d6-4c56-b923-d591b73940c1
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
x-sourcefiles: =?UTF-8?B?RTpcRHJvcGJveFxTbWFydFRhc2tcQmFja2VuZFxTbWFydFRhc2suQ29yZVxTbWFydFRhc2suV2ViQXBpXEdlbmVyYWxcQXBwU2l0ZVNldHRpbmdzXGRldg==?=
**Request Headers**
:authority: localhost:44366
:method: OPTIONS
:path: /General/AppSiteSettings/dev
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en,en-GB;q=0.9,en-US;q=0.8
access-control-request-headers: authorization
access-control-request-method: GET
origin: https://localhost:4200
referer: https://localhost:4200/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
**Response Headers**
allow: OPTIONS, TRACE, GET, HEAD, POST
content-length: 0
date: Sun, 30 May 2021 05:00:39 GMT
public: OPTIONS, TRACE, GET, HEAD, POST
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
x-sourcefiles: =?UTF-8?B?RTpcRHJvcGJveFxTbWFydFRhc2tcQmFja2VuZFxTbWFydFRhc2suQ29yZVxTbWFydFRhc2suV2ViQXBpXEdlbmVyYWxcQXBwU2l0ZVNldHRpbmdzXGRldg==?=
**Request Headers:**
:authority: localhost:44366
:method: OPTIONS
:path: /General/AppSiteSettings/dev
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en,en-GB;q=0.9,en-US;q=0.8
access-control-request-headers: authorization
access-control-request-method: GET
origin: https://localhost:4200
referer: https://localhost:4200/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
作为结论,我认为CORs至少在选项
请求方面工作得很好,但主要请求都失败了。有趣的是GET请求甚至没有到达控制器中的端点
如果您对如何解决此问题有任何想法,请务必告诉我。get上的响应状态如何?是200还是500我猜从前端我猜,在Chrome的状态栏中显示“Cors错误”,没有状态代码。你应该在控制台的某个地方还有某种状态代码。如果下面的答案不起作用,请将控制台错误添加到问题中并添加控制台日志