Core 2.1拒绝使用Access-Control-Expose-Header进行响应:* [英] Core 2.1 refuses to respond with Access-Control-Expose-Headers: *

问题描述

我在这里一定做错了，但是我无法弄清楚；据我所知，这似乎是一个CORS问题.我需要将Access-Control-Expose-Headers: *暴露给任何来源，但dotnet core 2.1并没有达到我的期望.

I must be doing something wrong here but I can't figure it out; it seems to be a CORS issue from what I can tell. I need to expose Access-Control-Expose-Headers: * to any origin but dotnet core 2.1 isn't doing what I expect.

相关的Startup.cs代码:

Relevant Startup.cs code:

        public void ConfigureServices(IServiceCollection services)
        {
            //Mapping settings to POCO and registering with container
            var settings = new AppSettings.ReportStorageAccountSettings();
            Configuration.Bind(nameof(AppSettings.ReportStorageAccountSettings), settings);

            services.AddCors(options =>
            {
                options.AddPolicy("AllowAll",
                    builder =>
                    {
                        builder
                            .AllowAnyHeader()
                            .AllowAnyMethod()
                            .AllowAnyOrigin()
                            .AllowCredentials();
                    });
            });
            services.AddSingleton(settings);
            services.AddApiVersioning();
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseHsts();
            }

            app.UseCors("AllowAll");
            app.UseHttpsRedirection();
            app.UseMvc();
        }

此应用程序托管在Azure中，并且我已在Azure中的CORS设置中添加了*条目，以供参考.现在，无论何时客户端应用程序(也托管在Azure中)发出发布请求，都无法通过JS访问标头，并且响应中不存在Access-Control-Expose-Headers: *.但是，当我检查网络响应和使用Fiddler时，可以看到标题.我尝试使用Axios和Jquery访问标头以排除JS的任何问题.我在这里做错了什么?

This application is hosted in Azure and I have added a * entry to the CORS settings in Azure just for good measure. Now, whenever the client application (which is also hosted in Azure) makes a post request, the headers are not accessible via JS and Access-Control-Expose-Headers: * is not present in the response. However, I can see the headers when I inspect the network response and when using Fiddler. I have tried Axios and Jquery for accessing the headers to rule out any issues with the JS. What am I doing wrong here?

在控制器中，我回应:

 Response.Headers.Add("Location", $"api/someLocation");
 return StatusCode(StatusCodes.Status202Accepted);

推荐答案

CorsPolicyBuilder的 Access-Control-Expose-Headers 响应标头是需要的，它使用

The CorsPolicyBuilder's AllowAnyHeader method configures the Access-Control-Allow-Headers response header, which is used only for preflighted requests. The Access-Control-Expose-Headers response header is what's needed, which is configured using WithExposedHeaders.

这是一个完整的例子:

services.AddCors(options =>
{
    options.AddPolicy("AllowAll", builder =>
    {
        builder.AllowAnyHeader()
               .AllowAnyMethod()
               .AllowAnyOrigin()
               .AllowCredentials()
               .WithExposedHeaders("Location"); // params string[]
    });
});

这篇关于Core 2.1拒绝使用Access-Control-Expose-Header进行响应:*的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！