asp.net core 2.1 跨域策略。添加为 CORS 时，只有单个 url 有效

Posted 2023-03-04

【中文标题】asp.net core 2.1 跨域策略。添加为 CORS 时，只有单个 url 有效

【英文标题】：asp.net core 2.1 cross orgin policy. Only single url working when added as CORS

【发布时间】：2019-08-17 19:53:54

【问题描述】：

我正在尝试添加多个应该为 CORS 列入白名单的规则。

问题只是单个 url 工作。我的代码如下

public class StartupShutdownHandler

    private static readonly log4net.ILog Logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
    private const string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
    public StartupShutdownHandler(IConfiguration configuration)
    
        Configuration = configuration;
    

    public IConfiguration Configuration  get; 
    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    
        services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
        services.AddMvc(options =>  options.RespectBrowserAcceptHeader = true; ).AddXmlSerializerFormatters().AddXmlDataContractSerializerFormatters();

        CorsRelatedPolicyAddition(services);
    
    private void CorsRelatedPolicyAddition(IServiceCollection services)
    
/*        var lstofCors = ConfigurationHandler.GetSection<List<string>>(StringConstants.AppSettingsKeys.CORSWhitelistedURL);
*/
var lstofCors = new  List<string> "url1", "url2"

        if (lstofCors != null && lstofCors.Count > 0 && lstofCors.Any(h => !string.IsNullOrWhiteSpace(h)))
        
            services.AddCors(options =>
            
                //https://***.com/questions/43985620/asp-net-core-use-multiple-cors-policies
                foreach (var entry in lstofCors.FindAll(h => !string.IsNullOrWhiteSpace(h)))
                
                    options.AddPolicy(MyAllowSpecificOrigins, builder =>  builder.WithOrigins(entry); );
                
            );
                    
    

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, IApplicationLifetime applicationLifetime)
    
        if (env.IsDevelopment())
        
            app.UseDeveloperExceptionPage();
        

        app.UseCors(MyAllowSpecificOrigins);

        // CheckAndEnableDetailLogs(app);
        app.UseMvc();                    
           

【参考方案1】：

您正在覆盖数组中每个条目的选项。

只需将条目添加为字符串数组即可。

    var lstofCors = new  string[] "url1", "url2";
    services.AddCors(options =>
        
           options.AddPolicy(MyAllowSpecificOrigins, builder =>  builder.WithOrigins(lstofCors.ToArray()).AllowAnyMethod(); );
        );
            

编辑： 我添加了 AllowAnyMethod() 看起来只有 get 方法有效

【讨论】：

非常感谢 DTul