CORS 政策已被阻止我的子域 [英] CORS Policy has been blocked my subdomain
问题描述
我有一个相同的域,其中之一是没有前缀 www 的域.例如,
I have a same domain, one of them is domain without prefix www. For example,
第一个域工作正常,因为它是默认域.但是当我做 CRUD 或访问任何 api 服务时,第二个会出错.
First domain works fine because it is default domain. But second one has gives error when I do CRUD or accessing any api service.
访问 XMLHttpRequest 在'https://www.example.com/hubCon/negotiate' 来自原点https://example.com"已被 CORS 政策阻止:回应预检请求未通过访问控制检查:响应中的Access-Control-Allow-Origin"标头不能是当请求的凭据模式为包含"时,通配符*".这XMLHttpRequest 发起的请求的凭证模式是由 withCredentials 属性控制.
Access to XMLHttpRequest at 'https://www.example.com/hubCon/negotiate' from origin 'https://example.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
我尝试了文章中的代码由 Microsoft 发布,但它不起作用.
I tried the code in the article published by Microsoft, but it doesn't works.
我使用的是 .Net Core 2.2 版本.这是我的 Startup.cs
I am using .Net Core 2.2 version. This is my Startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy(MyAllowSpecificOrigins,
builder =>
{
builder.WithOrigins("https://example.com")
.AllowAnyMethod()
.AllowAnyHeader()
.AllowAnyOrigin()
.AllowCredentials();
});
});
services.AddMvc().AddJsonOptions(options =>
{
options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
}).SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
services.AddSignalR();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Error");
app.UseHsts();
}
app.UseCors(MyAllowSpecificOrigins);
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.UseHttpsRedirection();
app.UseStatusCodePages();
app.UseStaticFiles();
app.UseAuthentication();
app.UseSignalR(routes =>
{
routes.MapHub<HubSignal>("/hubCon");
});
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}"
);
});
}
所以,我不明白为什么项目会出错.
So, I couldn't understand why the project gives error.
感谢您的回答.
推荐答案
您不能将 AllowAnyOrigin 与 AllowCredentials 一起使用.下面是一个允许使用 CORS 的通配符域的示例.
You can't use AllowAnyOrigin with AllowCredentials. Below is an example that allows wildcard domains with CORS.
此代码位于 ConfigureServices 中:
This code goes in ConfigureServices:
services.AddCors(options =>
{
options.AddPolicy("_AllowOrigin",
builder => builder
.SetIsOriginAllowedToAllowWildcardSubdomains()
.WithOrigins("https://localhost:44385", "https://*.azurewebsites.net", "http://*.azurewebsites.net")
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials()
);
});
不要忘记在控制器中装饰你的动作:
Don't forget to decorate your action in your controller:
[EnableCors("_AllowOrigin")]
这篇关于CORS 政策已被阻止我的子域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!