owin cors 或 web api cors [英] owin cors or web api cors
问题描述
关于 web-api 上 CORS 的问题有 100 多个,关于如何启用 CORS,每个问题都有不同的答案.我很困惑,不知道哪个答案是正确的.问题是,没有一个答案实际上是明智地解释每一行代码的作用,以便我可以理解和解决我的问题,而不是复制粘贴代码.
there are 100s of question on CORS on web-api, and on how to enable CORS, there is a different answer each one provides. I am so confused and dont know which answer is correct. And the problem is none of the answers actually explains it point wise, what each line of code does, so that I can understand and solve my problem rather than copy-pasting the code.
无论如何,问题是:我正在使用 owin 使用 asp.net web api 2.我需要启用 CORS.我该怎么做?OWIN有cors设置
anyways, the question is: I am using asp.net web api 2 using owin. And i need to enable CORS. how do I do it? There is cors settings for OWIN
application.UseCors(CorsOptions.AllowAll);
并且有 asp.net web api 的 cors 设置
and there is cors settings for asp.net web api
var cors = new EnableCorsAttribute("*", "*", "*", "*");
config.EnableCors(cors);
鉴于我没有使用 OAUTH,我应该使用哪个(我指定这个是因为 SO 上的答案与我们何时使用 OAUTH v/s 而我们不使用它不同).
which one should I use given I am not using OAUTH (I am specifying this because answers on SO differ on when we use OAUTH v/s when we dont use it).
我是否需要为 OWIN & 启用 CORS?WEB-API 或仅用于其中之一.如果两者都启用,则会出现问题,阅读此处
Do i need to enable CORS for both OWIN & WEB-API or only for one of them. There is issue if both are enabled, read here
如果有人能向我解释两者之间的区别,那将非常有帮助
It would be really helpful if someone can explain me the difference between
- OWIN CORS
- WEB API CORS
- 使用 OWIN/WEBAPI 的 OAUTH 的 CORS
也有针对 owin 托管的 web-api 的自托管 web api 的答案,这进一步增加了混淆:(,抱歉咆哮
Also there are answers for self-hosted web api against owin hosted web-api, which further adds to the confution :(, sorry for the rant
推荐答案
有一种方法可以解决这个问题.由于 OWIN 和 ASP.NET.CORS 库同时工作.Owin 令牌或身份验证方法需要配置为与所有其他 API 控制器分开启用 CORS.
There is a way to fix this. Since OWIN and ASP.NET.CORS libraries are working simultaneously. Owin token or authentication method needs to be configured to enable CORS separately from all other API controllers.
首先,不要在 Startup.cs 中将 cors 与 Owin 一起使用:
Fist thing first, don't use cors with Owin in Startup.cs :
public void Configuration(IAppBuilder app)
{
//app.UseCors(CorsOptions.AllowAll);
找到 GrantResourceOwnerCredentials 方法并将 Access-Control-Allow-Origin 添加到上下文中,以便在身份验证完成后返回调用时浏览器会找到标头并接受它.
Find GrantResourceOwnerCredentials method and add Access-Control-Allow-Origin to context so when it returns a call after authentication is completed that browser finds the header and accepts it.
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "http://localhost" });
现在将 Microsoft.AspNet.WebApi.Cors 包从 Nuget 安装到您的 webapi 项目中,并将其添加到 Register 方法
Now install Microsoft.AspNet.WebApi.Cors package from Nuget to your webapi project, and add this to Register method
public static void Register(HttpConfiguration config)
{
var cors = new EnableCorsAttribute("http://localhost, ", "accept,accesstoken,authorization,cache-control,pragma,content-type,origin", "GET,PUT,POST,DELETE,TRACE,HEAD,OPTIONS");
config.EnableCors(cors);
为我工作.
这篇关于owin cors 或 web api cors的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
