无法在针对netcoreapp3.0的ASP.NET Core WebApp中为特定的API控制器启用CORS [英] Can't enable CORS for specific API controllers in ASP.NET Core WebApp targeting netcoreapp3.0
问题描述
我正在尝试为ASP.NET Core应用程序中的特定API控制器启用CORS。首先,我安装NuGet软件包,并将其添加到我的 .csproj
:
I'm trying to enable CORS for a specific API controller in an ASP.NET Core application. First, I install the NuGet package, and this is added to my .csproj
:
<PackageReference Include="Microsoft.AspNetCore.Cors" Version="2.2.0" />
然后,我在 ConfigureServices
:
services.AddCors(options => {
options.AddPolicy("AllowAll", builder => builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
});
之后,如果我在 Configure $ c $中添加它c>,它的工作原理是:
After that, if I add this in my Configure
, it works:
app.UseCors("AllowAll");
但是,这将为所有控制器启用CORS。我只想为 SessionApiController
启用它。如果我改为将 EnableCorsAttribute
添加到控制器:
However, this enables CORS for all controllers. I just want to enable it for SessionApiController
. If I instead add the EnableCorsAttribute
to the controller:
[Route("api/session")]
[EnableCors("AllowAll")]
[ApiController]
public class SessionApiController : Controller {
[...]
[Route("init")]
public JsonResult InitSession() {
[...]
}
}
...它不起作用,当我尝试访问 / api /时,Chrome给我一个CORS错误session / init
端点(所请求的资源上没有'Access-Control-Allow-Origin'标头。)。我在这里缺少什么?
... it doesn't work, and Chrome gives me a CORS error when I try to access the /api/session/init
endpoint ("No 'Access-Control-Allow-Origin' header is present on the requested resource."). What am I missing here?
推荐答案
考虑以下ASP.NET Core WebApp:
Considering the following an ASP.NET Core WebApp:
App.csproj:
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>netcoreapp3.0</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Cors" Version="2.2.0" />
</ItemGroup>
</Project>
从 Startup.cs 中提取:
public void ConfigureServices(IServiceCollection services) {
services.AddCors(options => {
options.AddPolicy("AllowAll", builder => builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());
});
services.AddControllers();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
app.UseCors(); // Doesn't work
//app.UseCors("AllowAll"); // Works
if (env.IsDevelopment()) {
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints => {
endpoints.MapControllers();
});
}
从要在其中应用 AllowAll
策略:
[EnableCors("AllowAll")]
[ApiController]
[Route("[controller]")]
public class WeatherForecastController : ControllerBase
为了在其中正确应用CORS,您需要按照迁移MS文档:
In order to correctly apply CORS in it, you need to apply the following changes into the code as described in the migration MS docs:
- 删除不推荐使用
Microsoft.AspNetCore。*
包,在您的情况下为Microsoft.AspNetCore.Cors
。这将导致您的.csproj
看起来像:
- Remove deprecated
Microsoft.AspNetCore.*
packages, in your caseMicrosoft.AspNetCore.Cors
. This results in your.csproj
looking like:
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>netcoreapp3.0</TargetFramework>
</PropertyGroup>
</Project>
-
请严格按照中间件迁移建议在msdocs中显示为顺序很重要!。这样会导致
Startup#Configure
看起来如下:
Carefully follow the middleware migration advice in the msdocs as the order is important!. This results in
Startup#Configure
looking as follows:
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseRouting();
// AFAIK in netcoreapp2.2 this was not required
// to use CORS with attributes.
// This is now required, as otherwise a runtime exception is thrown
// UseCors applies a global CORS policy, when no policy name is given
// the default CORS policy is applied
app.UseCors();
if (env.IsDevelopment()) {
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
app.UseAuthorization();
app.UseEndpoints(endpoints => {
endpoints.MapControllers();
});
}
这篇关于无法在针对netcoreapp3.0的ASP.NET Core WebApp中为特定的API控制器启用CORS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!