我越来越Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://mysiteapi.domain.com/api/v1.0/operations/1. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
想做一个PUT请求我.NET5的WebAPI时。
这些是我已将CORS添加到API的方法:
public static void AddCustomCors(this IServiceCollection services, IWebHostEnvironment env, IConfiguration config)
{
var cors = config.GetSection("Cors").Get<CorsSettings>();
if (!cors.Enabled)
{
return;
}
services.AddCors(options =>
{
options.AddPolicy("Default",
builder =>
{
builder.WithExposedHeaders(cors.ExposedHeaders)
.WithHeaders(cors.Headers)
.WithMethods(cors.Methods);
.WithOrigins(cors.Origins);
});
});
}
public static void UseCustomCors(this IApplicationBuilder app, IConfiguration config)
{
var cors = config.GetSection("Cors").Get<CorsSettings>();
if (cors.Enabled)
{
app.UseCors("Default");
}
}
他们被称为在Startup.cs
作为第一方法ConfigureServices
和Configure
分别。设置如下所示:
"Cors": {
"Enabled": true,
"Origins": [ "http://mysite.domain.com" ],
"ExposedHeaders": [ "X-Request-Id", "X-Request-Duration" ],
"Headers": [ "Content-Type", "Authorization", "X-Requested-With" ],
"Methods": [ "OPTIONS", "GET", "POST", "PUT", "DELETE" ]
}
GET请求有效,但PUT不起作用。检查“网络浏览器”选项卡,我发现OPTIONS请求正常,可以看到已添加设置,但在PUT请求中却丢失了设置。OPTIONS请求和响应:
OPTIONS /api/v1.0/operations/1 HTTP/2
Host: mysiteapi.domain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: authorization,content-type
Referer: https://mysite.domain.com/operation/edit/1
Origin: https://mysite.domain.com
Connection: keep-alive
TE: Trailers
HTTP/2 204 No Content
server: Microsoft-IIS/10.0
access-control-allow-origin: https://mysite.domain.com
access-control-allow-headers: Content-Type,Authorization,X-Requested-With,Origin
access-control-allow-methods: OPTIONS,GET,POST,PUT,DELETE
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Thu, 28 Jan 2021 16:21:49 GMT
X-Firefox-Spdy: h2
PUT请求和响应:
PUT /api/v1.0/operations/1 HTTP/2
Host: mysiteapi.domain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Bearer <token>
Content-Type: application/json
Content-Length: 353
Origin: https://mysite.domain.com
Connection: keep-alive
Referer: https://mysite.domain.com/operation/edit/1
TE: Trailers
HTTP/2 405 Method Not Allowed
allow: GET, HEAD, OPTIONS, TRACE
content-type: text/html
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin
date: Thu, 28 Jan 2021 16:21:49 GMT
content-length: 12591
X-Firefox-Spdy: h2
该API在Plesk 18.0.32中的IIS中运行的Web主机上。web.config如下:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\MySite.WebApi.dll" stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout" hostingModel="InProcess" />
</system.webServer>
</location>
</system.webServer>
<system.web>
<compilation tempDirectory="C:\Inetpub\vhosts\mysite.com\tmp" />
<customErrors mode="Off" />
</system.web>
</configuration>
我怀疑这是web.config的问题,所以我尝试了:
Access-Control-Allow-Origin
在web.config中添加作为自定义标头-这导致错误,因为它们被添加了两次还有其他人遇到过这个问题吗?
<system.webServer>
刚<handlers>
在web.config中将其包含在xml中之前,以删除可能已禁用PUT
请求的webdav 。
<modules>
<remove name="WebDAVModule" />
</modules>
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句