CORS策略和.NET Core 3.1的问题 [英] Trouble with CORS Policy and .NET Core 3.1

问题描述

我不确定自己缺少什么，但似乎无法使我的CORS政策与.NET Core 3.1和Angular 8客户端一起使用。

I'm not sure what I'm missing, but can't seem to get my CORS Policy working with .NET Core 3.1 and Angular 8 client-side.

Startup.cs ：

        public void ConfigureServices(IServiceCollection services)
        {
            // ...

            // Add CORS policy
            services.AddCors(options =>
            {
                options.AddPolicy("foo",
                builder =>
                {
                    // Not a permanent solution, but just trying to isolate the problem
                    builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader();
                });
            });

            services.AddControllers();
        }

        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseHttpsRedirection();

            // Use the CORS policy
            app.UseCors("foo");

            app.UseRouting();

            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }

错误消息客户端：

Access to XMLHttpRequest at 'https://localhost:8082/api/auth/' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

更新：

尽管我是错误地配置了CORS（以下公认的答案实际上确实有帮助），问题的根源无关。对于其他上下文，该应用程序在使用CLI运行API和Angular应用程序时运行完全正常-在将它们都部署到Web服务器后，我才遇到这个问题。

UPDATE:

Although I was configuring CORS incorrectly (and the accepted answer below did in fact help with that) the root of issue was unrelated. For additional context, the app was working completely fine when running the API and Angular app using the CLI - I was only having this issue after deploying them both to a web server.

实际 问题最终与SQL连接有关，只有在将平面文件错误日志记录添加到API并运行SQL Server跟踪以发现该应用不是完全可以连接到SQL。

The "actual" issue ended up being related to the SQL connection, which I only discovered after adding flat-file error logging to the API and running a SQL Server trace to find that the app wasn't able to connect to SQL at all.

我通常希望它返回500，而我会在10秒钟内意识到这个问题-但是CORS的配置错误意味着500永远不会实际上是由于CORS中间件首先失败而返回的。 这绝对让我非常沮丧！。但是，我想在这里补充一点，以防万一别人发现自己处于这种情况下，因为如果您愿意的话，我就是在追错兔。 修复了CORS配置后，我意识到实际的问题与CORS完全无关。

I would normally expect this to just return a 500 and I would have realized the issue in a matter of 10 seconds - however the CORS mis-configuration meant a 500 was never actually being returned because the CORS middleware failed first. This was immensely frustrating to say the absolute least! . However I want to add that here in case others find themselves in this situation, as I was "chasing the wrong rabbit," if you will. After fixing the CORS configuration, I realized the actual issue was entirely unrelated to CORS.

参考：

https://docs.microsoft.com/zh-cn/aspnet/core/security/cors?view=aspnetcore-3.1#cors-with-named-policy-and-middleware

https://medium.com/swlh/cors-headers-with-dot-net-core-3-5c9dfc664785

推荐答案

首先是 app.UseRouting（）; 然后是 app.UseCors（ foo）;

更改您的配置方法，如下所示：

Change your Configure method like the following :

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseHttpsRedirection();



    app.UseRouting();  // first
    // Use the CORS policy
    app.UseCors("foo"); // second

    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
    });
}

对我有用！

这篇关于CORS策略和.NET Core 3.1的问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！