仅在.NET5上的PUT上出现CORS问题

FullStackOverflowDev

我越来越Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://mysiteapi.domain.com/api/v1.0/operations/1. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).想做一个PUT请求我.NET5的WebAPI时。

这些是我已将CORS添加到API的方法:

        public static void AddCustomCors(this IServiceCollection services, IWebHostEnvironment env, IConfiguration config)
        {
            var cors = config.GetSection("Cors").Get<CorsSettings>();
            if (!cors.Enabled)
            {
                return;
            }

            services.AddCors(options =>
            {
                options.AddPolicy("Default",
                    builder =>
                    {
                        builder.WithExposedHeaders(cors.ExposedHeaders)
                            .WithHeaders(cors.Headers)
                            .WithMethods(cors.Methods);
                            .WithOrigins(cors.Origins);

                    });
            });
        }

        public static void UseCustomCors(this IApplicationBuilder app, IConfiguration config)
        {
            var cors = config.GetSection("Cors").Get<CorsSettings>();
            if (cors.Enabled)
            {
                app.UseCors("Default");
            }
        }

他们被称为在Startup.cs作为第一方法ConfigureServicesConfigure分别。设置如下所示:

  "Cors": {
    "Enabled": true,
    "Origins": [ "http://mysite.domain.com" ],
    "ExposedHeaders": [ "X-Request-Id", "X-Request-Duration" ],
    "Headers": [ "Content-Type", "Authorization", "X-Requested-With" ],
    "Methods": [ "OPTIONS", "GET", "POST", "PUT", "DELETE" ]
  }

GET请求有效,但PUT不起作用。检查“网络浏览器”选项卡,我发现OPTIONS请求正常,可以看到已添加设置,但在PUT请求中却丢失了设置。OPTIONS请求和响应:

OPTIONS /api/v1.0/operations/1 HTTP/2
Host: mysiteapi.domain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: authorization,content-type
Referer: https://mysite.domain.com/operation/edit/1
Origin: https://mysite.domain.com
Connection: keep-alive
TE: Trailers


HTTP/2 204 No Content
server: Microsoft-IIS/10.0
access-control-allow-origin: https://mysite.domain.com
access-control-allow-headers: Content-Type,Authorization,X-Requested-With,Origin
access-control-allow-methods: OPTIONS,GET,POST,PUT,DELETE
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Thu, 28 Jan 2021 16:21:49 GMT
X-Firefox-Spdy: h2

PUT请求和响应:

PUT /api/v1.0/operations/1 HTTP/2
Host: mysiteapi.domain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Bearer <token>
Content-Type: application/json
Content-Length: 353
Origin: https://mysite.domain.com
Connection: keep-alive
Referer: https://mysite.domain.com/operation/edit/1
TE: Trailers

HTTP/2 405 Method Not Allowed
allow: GET, HEAD, OPTIONS, TRACE
content-type: text/html
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Thu, 28 Jan 2021 16:21:49 GMT
content-length: 12591
X-Firefox-Spdy: h2

该API在Plesk 18.0.32中的IIS中运行的Web主机上。web.config如下:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <location path="." inheritInChildApplications="false">
    <system.webServer>
      <handlers>
        <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
      </handlers>
      <aspNetCore processPath="dotnet" arguments=".\MySite.WebApi.dll" stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout" hostingModel="InProcess" />
    </system.webServer>
  </location>

  </system.webServer>
  <system.web>
    <compilation tempDirectory="C:\Inetpub\vhosts\mysite.com\tmp" />
    <customErrors mode="Off" />
  </system.web>
</configuration>

我怀疑这是web.config的问题,所以我尝试了:

  1. Access-Control-Allow-Origin在web.config中添加作为自定义标头-这导致错误,因为它们被添加了两次
  2. 从API中删除CORS内容并仅从web.config中添加它们-导致有关预检请求的错误
  3. 通过web.config删除标题,然后添加它-导致错误(我认为是预检)
  4. 将配置从https://docs.microsoft.com/zh-cn/iis/extensions/cors-module/cors-module-configuration-reference添加到web.config-也导致错误

还有其他人遇到过这个问题吗?

<system.webServer><handlers>在web.config中将其包含在xml中之前,以删除可能已禁用PUT请求的webdav

<modules> 
    <remove name="WebDAVModule" /> 
</modules> 

本文收集自互联网,转载请注明来源。

如有侵权,请联系 [email protected] 删除。

编辑于
0

我来说两句

0 条评论
登录 后参与评论

相关文章

TOP 榜单

热门标签

归档