none
.net core2.0 mvc webapi cors跨域问题 RRS feed

  • 问题

  • 各位老师:

        开发一个前后端分离的web应用,webapi用.net core2.0 mvc,前端vue.js,访问api用axios,为解决跨域问题,后端这样设置:

              ConfigureServices方法中

                 services.AddCors();

    Configure中

    app.UseCors(builder  =>

    {

    builder.AllowAnyHeader ();

    builder.AllowAnyMethod();

    builder.AllowAnyOrigins();

    });

    仍报错:

    No'Access-Control-Allow-Origin' header is present on the requested resource.


    2018年1月12日 7:35

全部回复

  • 你好,

    首先如果你不想要某个controller的方法启用CROS, 你可以在method上面加属性。例如下面这个:

    [HttpGet("{id}")]
    [DisableCors]
    public string Get(int id)
    {
        return "value";
    }

    如果你想要指定只允许特定的地址,我建议你按照如下方法:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddCors(options =>
        {
            options.AddPolicy("AllowSpecificOrigin",
                builder => builder.WithOrigins("http://example.com"));
        });
    }
    
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole();
    
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
    
        // Shows UseCors with named policy.
        app.UseCors("AllowSpecificOrigin");
        app.Run(async (context) =>
        {
            await context.Response.WriteAsync("Hello World!");
        });
    }

    然后在方法或者控制器设置:

    [Route("api/[controller]")]
    [EnableCors("AllowSpecificOrigin")]
    public class ValuesController : Controller
    
    
    
    [HttpGet]
    [EnableCors("AllowSpecificOrigin")]
    public IEnumerable<string> Get()
    {
        return new string[] { "value1", "value2" };
    }



    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    2018年1月15日 3:12
  • 你好,

    首先如果你不想要某个controller的方法启用CROS, 你可以在method上面加属性。例如下面这个:

    [HttpGet("{id}")]
    [DisableCors]
    public string Get(int id)
    {
        return "value";
    }

    如果你想要指定只允许特定的地址,我建议你按照如下方法:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddCors(options =>
        {
            options.AddPolicy("AllowSpecificOrigin",
                builder => builder.WithOrigins("http://example.com"));
        });
    }
    
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole();
    
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
    
        // Shows UseCors with named policy.
        app.UseCors("AllowSpecificOrigin");
        app.Run(async (context) =>
        {
            await context.Response.WriteAsync("Hello World!");
        });
    }

    然后在方法或者控制器设置:

    [Route("api/[controller]")]
    [EnableCors("AllowSpecificOrigin")]
    public class ValuesController : Controller
    
    
    [HttpGet]
    [EnableCors("AllowSpecificOrigin")]
    public IEnumerable<string> Get()
    {
        return new string[] { "value1", "value2" };
    }



    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    谢谢!这个问题之前已经解决了,没有及时写出来,抱歉!

    解决办法类似你的方法,采用policy,然后在controller指定policy。但之前的写法也是文档中的解决办法,是否2.0一定要用策略才行?如果我不想在每个controller或action中加上attribute,有没有一种方法让CORS作用于所有的controller?

    2018年1月29日 2:19