首页 文章

CORS在ASP.NET Web API 2应用程序中不起作用

提问于
浏览
0

你知道,通常:CORS不起作用 . Chrome通过以下方式为我服务:

Fetch API无法加载https:// url-to-my-api-thing . 请求的资源上不存在“Access-Control-Allow-Origin”标头 . 因此,不允许来源“https:// url-to-the-origin-thing” . 如果不透明响应满足您的需求,请将请求的模式设置为“no-cors”以获取禁用CORS的资源 .

我有一个ASP.NET Web API 2应用程序,它使用OWIN管道并托管在IIS中 .

以下是我(尝试)在我的 Configuration 方法中设置CORS的方法:

// ... container setup above, CORS is the first middleware ...

var corsPolicyProvider = new CorsPolicyProvider(_corsOrigins, container.GetInstance<ILogger>);
app.UseCors(new CorsOptions
{
    PolicyProvider = corsPolicyProvider
});

app.UseStageMarker(PipelineStage.Authenticate);

configuration.Services.Replace(typeof(IExceptionHandler), new PassThroughExceptionHandler());
configuration.MapHttpAttributeRoutes();
app.UseWebApi(configuration);

这是我的 CorsPolicyProvider 类的样子:

public class CorsPolicyProvider : ICorsPolicyProvider
{
    private readonly Regex _corsOriginsRegex;
    private readonly string _defaultCorsOrigin;
    private readonly Func<ILogger> _scopedLoggerCreator;

    public CorsPolicyProvider(string corsOrigins, Func<ILogger> scopedLoggerCreator)
    {
        _corsOriginsRegex = new Regex($"({corsOrigins})", RegexOptions.IgnoreCase);
        _defaultCorsOrigin = corsOrigins?.Split('|').FirstOrDefault();
        _scopedLoggerCreator = scopedLoggerCreator;
    }

    public Task<CorsPolicy> GetCorsPolicyAsync(IOwinRequest request)
    {
        var logger = _scopedLoggerCreator();

        var allowedOrigin = _defaultCorsOrigin;
        string[] origins;
        request.Headers.TryGetValue("Origin", out origins);
        var origin = origins?.FirstOrDefault();
        if (origin != null && Uri.IsWellFormedUriString(origin, UriKind.Absolute) && _corsOriginsRegex.IsMatch(new Uri(origin).Host))
            allowedOrigin = origins.FirstOrDefault();

        var policy = new CorsPolicy
        {
            Origins = { allowedOrigin },
            Methods = { HttpMethod.Get.Method, HttpMethod.Post.Method, HttpMethod.Put.Method, HttpMethod.Delete.Method },
            Headers = { "accept", "content-type" },
            SupportsCredentials = true,
            PreflightMaxAge = 1728000
        };

        logger?.Verbose("Resolving CORS policy: {@CorsPolicy}", policy);

        return Task.FromResult(policy);
    }
}

为什么这个政策从未触发过,或者最好是故障?如果我在本地测试时设置断点并显式发送 OPTIONS 请求,则会输入 GetCorsPolicyAsync 方法,并按预期记录请求 . 但是当API在服务器上并且我尝试从Chrome中的网站调用它时,它从不记录请求,它只是告诉我没有CORS标头 .

c# asp.net cors asp.net-web-api2 owin

1 回答

  • 0

    ......就像发条一样,当我发布一些东西时,我找到了答案 . 有 was 一个CORS标头,并且请求 was 被记录,但环境配置错误,因此原始(因为它是一个不同的环境然后无效)被正确阻止,并且日志最终在错误的服务器上 . 修复了配置,它再次按预期工作 .

    回复于

相关问题