嗨,我尝试了不同的方法来启用 cors,但我的代码失败了。我使用 spa 应用程序来呈现数据,但无法通过 cors.browser 显示错误跨源请求被阻止:同源策略不允许在http读取远程资源://localhost:5000/Values。(原因:缺少 CORS 标头“Access-Control-Allow-Origin”)。
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers().AddNewtonsoftJson(opt =>
{
opt.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore;
});
services.AddCors();
services.AddSignalR();
services.AddControllersWithViews();
services.AddDbContext<DataContext>(x =>
{
x.UseLazyLoadingProxies();
x.UseMySql(Configuration.GetConnectionString("DefaultConnection"));
});
IdentityBuilder builder = services.AddIdentityCore<User>(opt =>
{opt.User.RequireUniqueEmail = true;
}).AddRoles<IdentityRole>();
builder = new IdentityBuilder(builder.UserType, typeof(IdentityRole), builder.Services);
builder.AddEntityFrameworkStores<DataContext>();
builder.AddSignInManager<SignInManager<User>>();
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII
.GetBytes(Configuration.GetSection("AppSettings:Token").Value)),
ValidateIssuer = false,
ValidateAudience = false
};
options.Events = new JwtBearerEvents
{
OnMessageReceived = context =>
{
var accessToken = context.Request.Query["access_token"];
if (string.IsNullOrEmpty(accessToken) == false)
{
context.Token = accessToken;
}
return Task.CompletedTask;
}
};
});
services.AddAuthorization(options =>
{
options.AddPolicy(constant.RequireVisionTrackAdminRole, policy => policy.RequireRole(constant.VisionTrackAdmin));
options.AddPolicy(constant.RequireAdminRole, policy => policy.RequireRole(constant.Admin, constant.VisionTrackAdmin));
});
services.AddScoped<IAuthRepository, AuthRepository>();
services.AddAutoMapper(typeof(VisionTrackRepository).Assembly);
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "ClientApp/build";
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseSpaStaticFiles();
app.UseRouting();
app.UseCors(
options => options.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader()
);
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapHub<VisionTrackHub>("/VisionTrack").RequireCors("CorsPolicy");
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller}/{action=Index}/{id?}").RequireCors("CorsPolicy");
});
app.UseSpa(spa =>
{
spa.Options.SourcePath = "ClientApp";
if (env.IsDevelopment())
{
spa.UseReactDevelopmentServer(npmScript: "start");
}
});
}
也试过这个指南不起作用 [ https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-3.1]是因为授权中间件还是要在端点上做些什么?
在您的Startup
文件中,您有两个主要方法ConfigureServices
、 和Configure
方法。
在你的ConfigureServices
方法中定义如下:
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader());
});
并在Configure
方法中添加这一行:
app.UseCors("CorsPolicy");
注意: app.UseCors("CorsPolicy")
应该在app.UseRouting()
之前和之后app.UserAuthentication()
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句