我仍然在Azure WebAPP中收到CORS问题，但我仍允许所有来源都为"*" [英] We are getting CORS issue in Azure WebAPP still i have allowed all origin as "*"

问题描述

当我尝试将站点设置为"*"时，在PROD环境中出现CORS问题.仍然会出现相同的CORS问题.

I am getting CORS issue in PROD environment when i am try to login into the site.when i set origin policy as "*" . still it is giving the same CORS issue.

通过'> https://XYZ.azurewebsites.net/api/users/访问XMLHttpRequest来自来源" https://XYZ.azurewebsites.com 的userlogin "已被CORS阻止策略:对预检请求的响应未通过访问控制检查:所请求的资源上没有"Access-Control-Allow-Origin"标头.

Access to XMLHttpRequest at 'https://XYZ.azurewebsites.net/api/users/userlogin' from origin 'https://XYZ.azurewebsites.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

我也已经在代码中指定了CORS策略，但是Azure Web App CORS策略始终优先于代码CORS策略.

I also have specified the CORS policy in code as well but Azure Web App CORS policy always have precedence over Code CORS policy.

任何人都可以帮忙吗?

推荐答案

删除了CORS的所有代码处理，只需将标头放在web.config:

Removed all code-handling of CORS and simply put the headers in the web.config:

<configuration>
 <system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="https://XYZ.azurewebsites.net/api/users/userlogin" />
      <add name="Access-Control-Allow-Methods" value="*" />
      <add name="Access-Control-Allow-Headers" value="accept, content-type, x-my-custom-header" />
      <add name="Access-Control-Allow-Credentials" value="true" />
    </customHeaders>
  </httpProtocol>

注意:请勿尝试同时使用App Service CORS和Web API CORS代码.一起使用时，App Service CORS优先，而Web API CORS代码无效.请参阅此

Note: Don't try to use App Service CORS and Web API CORS code together. When used together, App Service CORS takes precedence and Web API CORS code has no effect. Refer to this article.

这篇关于我仍然在Azure WebAPP中收到CORS问题，但我仍允许所有来源都为"*"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！