在从Angular 6调用ASP.NET Core Web API的服务器异常中仅获得CORS错误 [英] Getting CORS error *only* on server exception calling ASP.NET Core Web API from Angular 6
问题描述
我有CORS并可以正常工作.这意味着我在GET或POST上没有CORS错误.我的请求全部在服务器上接收,它们的响应全部在客户端上返回.
I have CORS in place and working. Meaning I get no CORS errors on GET or POST. My requests are all received on the server, and their responses are all received back on the client.
也就是说,除非在Web API中发生异常.然后,我没有得到异常详细信息,而是得到了CORS错误.因此客户端无法看到异常详细信息.
That is, UNLESS an exception occurs in the Web API. Then, instead of getting the exception detail, I get the CORS error. So the client cannot see the exception details.
无法加载 http://localhost:64630/api/sql/familiesCollection/create :否请求中存在"Access-Control-Allow-Origin"标头资源.因此,不允许使用来源" http://localhost:4200 "使用权.响应的HTTP状态码为500.
Failed to load http://localhost:64630/api/sql/familiesCollection/create: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 500.
这是我的Startup类中的Configure方法:
Here's the Configure method in my Startup class:
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors(builder => builder
.AllowAnyHeader()
.AllowAnyOrigin()
.AllowAnyMethod());
app.UseMvc();
}
如果接受了CORS请求,并且又接受了CORS响应,那么为什么客户在不接受错误的情况下也不能提供异常详细信息呢?
If the CORS request is accepted, and the CORS response is accepted back, why aren't the exception details in the event of an error also accepted back by the client?
更新...根据Marcus的建议,我实现了更详细的版本;但无济于事.在Web API中发生未处理的异常时,尝试在500响应中返回错误数据的一种情况下,仍然会遇到非常相同的CORS错误.
Update... I implemented a more verbose version as per suggestion from Marcus; but to no avail. Still getting the very same CORS error in just the one case of attempting to return error data in a 500 response when an unhandled exception occurs in the Web API.
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(o => o.AddPolicy("AllowAllPolicy", builder =>
{
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
}));
services.AddMvc();
services.AddOptions();
services.Configure<AppConfig>(Configuration.GetSection("AppConfig"));
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors("AllowAllPolicy");
app.UseMvc();
}
然后,在我的控制器类中:
And then, in my controller class:
[EnableCors("AllowAllPolicy")]
public class SqlApiController
{
:
这些都没有帮助.在Web API中没有异常之前,CORS一直有效.然后,我得到了这个,而不是500中的异常信息:
None of this is helping. CORS works until there's an exception in the Web API. Then, I get this, instead of exception info from the 500:
无法加载 http://localhost:64630/api/sql/familiesCollection/create :否请求中存在"Access-Control-Allow-Origin"标头资源.因此,不允许使用来源" http://localhost:4200 "使用权.响应的HTTP状态码为500.
Failed to load http://localhost:64630/api/sql/familiesCollection/create: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 500.
推荐答案
据我所知,您对CORS配置没有任何具体限制,并且允许全部".在这种情况下,这可以为您提供帮助.
From what I see, you don't have any specific limitations on your CORS config and you allow "All". In that case, this could help you.
我还看到您用[EnableCors ...]属性装饰了控制器,所以在发生错误时,它可能会脱离当前控制器,并且错误在其他地方"被处理,这可能导致该属性超出范围...
I also see that you decorate your controller with the [EnableCors...] attribute, so on error it might be getting out of current controller and the error is handled "elsewhere", that is what might cause the the attribute to be out of scope...
我使用了一种更简单的方法,但是允许CORS,并且错误也被传输"到客户端.
I have used a simpler way, yet allows CORS and the errors are also "transported" to the client.
using Microsoft.Owin.Cors;
namespace Test
{
public partial class Startup
{
public void ConfigureAuth(IAppBuilder app)
{
app.UseCors(CorsOptions.AllowAll);
然后删除与CORS相关的所有其他内容,这足以启用全局启用的CORS,并允许所有来源(即*).
Then remove everything else that is related to CORS, this is enough for global enabled CORS and allows all origins (i.e. *).
这篇关于在从Angular 6调用ASP.NET Core Web API的服务器异常中仅获得CORS错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!