Reactjs 反应Cors政策问题编号';访问控制允许原点';
基于.net core的web api应用程序托管在同一台服务器上的api.mydomain.com下。另一方面,我在mydomain.com下有reactjs 当我收到来自react应用程序--(mydomain.com)的任何请求时,web api返回该错误--> 访问位于“”的XMLHttpRequesthttps://api.mydomain.com/api/auth/login' 来自来源的“mydomain.com”已被CORS策略阻止: 请求的服务器上不存在“Access Control Allow Origin”标头 资源 我什么都试过了,解决不了 注意:应用程序在IIS服务器上运行 .net core 3.1.5 webapi cors配置Reactjs 反应Cors政策问题编号';访问控制允许原点';,reactjs,api,asp.net-core,axios,cors,Reactjs,Api,Asp.net Core,Axios,Cors,基于.net core的web api应用程序托管在同一台服务器上的api.mydomain.com下。另一方面,我在mydomain.com下有reactjs 当我收到来自react应用程序--(mydomain.com)的任何请求时,web api返回该错误--> 访问位于“”的XMLHttpRequesthttps://api.mydomain.com/api/auth/login' 来自来源的“mydomain.com”已被CORS策略阻止: 请求的服务器上不存在“Access Cont
services.AddCors(options =>
{
options.AddPolicy("AllowOrigin",
builder => builder.WithOrigins("mydomain.com").AllowAnyMethod().AllowAnyHeader().AllowCredentials());
});
...............
app.UseCors("AllowOrigin");
let isRefreshing: boolean = false;
let failedQueue: any = [];
const processQueue = (error: any, token: any = null) => {
failedQueue.forEach((prom: any) => {
if (error) {
prom.reject(error);
} else {
prom.resolve(token);
}
});
failedQueue = [];
};
const CancelToken = axios.CancelToken;
const source = CancelToken.source();
axios.defaults.baseURL = getBaseUrl; // mydomain.com
axios.defaults.headers.common["Authorization"] =
"Bearer " + getStoredUserAuth().token;
axios.defaults.headers.post["Content-Type"] =
"application/x-www-form-urlencoded";
axios.defaults.cancelToken = source.token;
axios.interceptors.response.use(
async response => {
return response;
},
async error => {
const originalRequest = error.config;
if (error.response) {
const status = error.response.status;
const refreshToken = getStoredUserAuth().refreshToken;
if (status === 401 && !originalRequest._retry) {
if (isRefreshing) {
return new Promise(function(resolve, reject) {
failedQueue.push({ resolve, reject });
})
.then(token => {
originalRequest.headers["Authorization"] = "Bearer " + token;
return axios(originalRequest);
})
.catch(err => {
return Promise.reject(err);
});
}
originalRequest._retry = true;
isRefreshing = true;
return new Promise(function(resolve, reject) {
refreshAccessToken(refreshToken)
.then(response => {
if (response.status === 200) {
if (response.data.token) {
setAuthStatus(response.data);
axios.defaults.headers.common["Authorization"] =
"Bearer " + response.data.token;
originalRequest.headers["Authorization"] =
"Bearer " + response.data.token;
}
processQueue(null, response.data.token);
resolve(axios(originalRequest));
} else {
throw new Error();
}
})
.catch(err => {
failedQueue = [];
setUnauthStatus();
source.cancel("Session time out.");
processQueue(err, null);
reject(err);
})
.then(() => {
isRefreshing = false;
});
});
}
} else {
debugger;
errorHandler(error);
}
return Promise.reject(error);
}
);
然后这是我的axios拦截器配置
services.AddCors(options =>
{
options.AddPolicy("AllowOrigin",
builder => builder.WithOrigins("mydomain.com").AllowAnyMethod().AllowAnyHeader().AllowCredentials());
});
...............
app.UseCors("AllowOrigin");
let isRefreshing: boolean = false;
let failedQueue: any = [];
const processQueue = (error: any, token: any = null) => {
failedQueue.forEach((prom: any) => {
if (error) {
prom.reject(error);
} else {
prom.resolve(token);
}
});
failedQueue = [];
};
const CancelToken = axios.CancelToken;
const source = CancelToken.source();
axios.defaults.baseURL = getBaseUrl; // mydomain.com
axios.defaults.headers.common["Authorization"] =
"Bearer " + getStoredUserAuth().token;
axios.defaults.headers.post["Content-Type"] =
"application/x-www-form-urlencoded";
axios.defaults.cancelToken = source.token;
axios.interceptors.response.use(
async response => {
return response;
},
async error => {
const originalRequest = error.config;
if (error.response) {
const status = error.response.status;
const refreshToken = getStoredUserAuth().refreshToken;
if (status === 401 && !originalRequest._retry) {
if (isRefreshing) {
return new Promise(function(resolve, reject) {
failedQueue.push({ resolve, reject });
})
.then(token => {
originalRequest.headers["Authorization"] = "Bearer " + token;
return axios(originalRequest);
})
.catch(err => {
return Promise.reject(err);
});
}
originalRequest._retry = true;
isRefreshing = true;
return new Promise(function(resolve, reject) {
refreshAccessToken(refreshToken)
.then(response => {
if (response.status === 200) {
if (response.data.token) {
setAuthStatus(response.data);
axios.defaults.headers.common["Authorization"] =
"Bearer " + response.data.token;
originalRequest.headers["Authorization"] =
"Bearer " + response.data.token;
}
processQueue(null, response.data.token);
resolve(axios(originalRequest));
} else {
throw new Error();
}
})
.catch(err => {
failedQueue = [];
setUnauthStatus();
source.cancel("Session time out.");
processQueue(err, null);
reject(err);
})
.then(() => {
isRefreshing = false;
});
});
}
} else {
debugger;
errorHandler(error);
}
return Promise.reject(error);
}
);
解决方案:
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\WebAPI.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess" />
</system.webServer>
</location>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="https://yourdomain.com" />
<add name="Access-Control-Allow-Headers" value="Access-Control-Allow-Headers, Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Content-Disposition" />
<add name="Access-Control-Allow-Methods" value="*" />
<add name="Access-Control-Allow-Credentials" value="true" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
我认为您的问题在于服务器上的CORS配置。我想把它改成:
builder => builder.WithOrigins("https://*.mydomain.com").AllowAnyMethod().AllowAnyHeader().AllowCredentials());
对飞行前请求的响应未通过访问控制检查:请求的资源上不存在“访问控制允许来源”标头。现在,我遇到了这个错误。您也可以尝试使用origins(“*”)查看发生了什么。我什么都做不到,我需要帮助。
在IIS服务器上运行的应用程序
如果可能,您可以尝试安装和配置您的站点/应用程序,并检查它是否适合您。@CodAvo您可以详细介绍一下解决方案吗?我也有同样的问题。@sdagkas当然,现在你可以看到解决方案的细节了