当请求的凭据模式为“包含"时,响应中“Access-Control-Allow-Origin"标头的值不得为通配符“*" [英] The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'
问题描述
我的应用程序在 IE 浏览器中运行良好,但由于 CORS 问题,它无法在 Chrome 浏览器中运行.
My application is working fine in IE browser, But it's not working in Chrome browser due to CORS issue.
问题是
加载失败 http://localhost:52487/api/Authentication/: 的值当请求的凭据模式为包含"时,响应中的Access-Control-Allow-Origin"标头不能是通配符*".Origin 'http://localhost:4200' 因此不允许访问.XMLHttpRequest 发起的请求的凭证模式由 withCredentials 属性控制.
Failed to load http://localhost:52487/api/Authentication/: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:4200' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
我在前端使用 angular 2,在后端使用 Asp.net core 1.0.我试过了
I am using angular 2 in front-end and using Asp.net core 1.0 in back-end. I have tried
这是我的启动代码
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("AllowAll", p =>
{
p.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod();
});
});
// Add framework services.
services.AddMvc();
// Add functionality to inject IOptions<T>
services.AddOptions();
// Add our Config object so it can be injected
services.Configure<Data>(Configuration.GetSection("Data"));
services.Configure<COCSettings>(Configuration.GetSection("COCSettings"));
services.Configure<EmailSettings>(Configuration.GetSection("EmailSettings"));
AppSettings.ConnectionString = Configuration["Data:DefaultConnectionString"];
// *If* you need access to generic IConfiguration this is **required**
services.AddSingleton<IConfiguration>(Configuration);
// Injecting repopsitories with interface
AddServices(services);
// Add Json options
services.AddMvc().AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseMiddleware(typeof(ErrorHandling));
app.UseMiddleware(typeof(GetNoCache));
app.UseCors("AllowAll");
app.UseMvc();
}
这就是我从 UI(角度)端调用 API 的方式
this is how I am calling the API from UI(angular) side
constructor(private http: Http) {
this.headers = new Headers();
this.headers.append('Accept', 'application/json');
}
GetMaintainCOC(FYONId) {
return this.http.get(this.apiUrl + 'GetCertificationofConformity?FYONId=' + FYONId, { withCredentials: true })
.map(responce => <any>responce.json())
.catch(error => {
return Observable.throw(error);
});
}
推荐答案
它正在工作,当我在 AddPolicy
services.AddCors(options =>
{
options.AddPolicy("AllowAll", p =>
{
p.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials();
});
});
我从Access-Control-Allow-Origin:*"当凭证标志为真时不允许,但没有 Access-Control-Allow-Credentials 标头
我在角度 http 服务调用中使用 { withCredentials: true } .所以我想我应该在 CORS 服务中使用 AllowCredentials() 策略.
I am using
{ withCredentials: true }in angularhttpservice call. So I guess I should useAllowCredentials()policy inCORSservice.
这篇关于当请求的凭据模式为“包含"时,响应中“Access-Control-Allow-Origin"标头的值不得为通配符“*"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
