未设置 CORS 标头
Posted
技术标签:
【中文标题】未设置 CORS 标头【英文标题】:CORS header not being set 【发布时间】:2016-04-26 05:25:29 【问题描述】:我的 Web API 控制器请求中似乎没有任何 CORS 标头。
我目前正在使用 ASP.net 5 - coreclr,并且我已经添加了 Microsoft.AspNet.Cors 6.0.0-rc1-final
public void ConfigureServices(IServiceCollection services)
services.AddCors(options =>
options.AddPolicy("AllowAll", builder => builder.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
);
services.AddMvc();
services.AddSingleton<ConnectionMultiplexer>(x => ConnectionMultiplexer.Connect("localhost"));
services.AddScoped<IDatabase>(x => (x.GetService(typeof(ConnectionMultiplexer)) as ConnectionMultiplexer).GetDatabase());
services.AddScoped<IFitnessStorage, FitnessStorage>();
services.AddScoped<IFitnessTrackingService, FitnessTrackingService>();
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseCors("AllowAll");
app.UseIISPlatformHandler();
app.UseStaticFiles();
app.UseMvc();
我的控制器上没有任何 [EnableCors],因为 UseCors 应该为每个请求设置它 - AFAIK..
HTTP/1.1 200 OK
Date: Wed, 20 Jan 2016 11:24:36 GMT
Content-Type: application/json; charset=utf-8
Server: Kestrel
Transfer-Encoding: chunked
GET /api/FitnessTrackGroup HTTP/1.1
Host: localhost:5000
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
DNT: 1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: da,en-US;q=0.8,en;q=0.6,nb;q=0.4
【问题讨论】:
【参考方案1】:如果您的请求不包含 Origin 标头,即同源请求,则 CORS 中间件实际上是一个 noop。它基本上是在第一步中救出...
Chrome 在同源 GET 请求中不包含 Origin 标头...请参阅 Chrome adding Origin header to same-origin request。
【讨论】:
以上是关于未设置 CORS 标头的主要内容,如果未能解决你的问题,请参考以下文章
节点 JS CORS 模块未设置 Access-Control-Allow-Credentials 标头