问题
I am getting CORS issue in PROD environment when i am try to login into the site.when i set origin policy as "*" . still it is giving the same CORS issue.
Access to XMLHttpRequest at 'https://XYZ.azurewebsites.net/api/users/userlogin' from origin 'https://XYZ.azurewebsites.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I also have specified the CORS policy in code as well but Azure Web App CORS policy always have precedence over Code CORS policy.
can anyone please help on this?
回答1:
Removed all code-handling of CORS and simply put the headers in the web.config:
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="https://XYZ.azurewebsites.net/api/users/userlogin" />
<add name="Access-Control-Allow-Methods" value="*" />
<add name="Access-Control-Allow-Headers" value="accept, content-type, x-my-custom-header" />
<add name="Access-Control-Allow-Credentials" value="true" />
</customHeaders>
</httpProtocol>
Note: Don't try to use App Service CORS and Web API CORS code together. When used together, App Service CORS takes precedence and Web API CORS code has no effect. Refer to this article.
来源:https://stackoverflow.com/questions/55701444/we-are-getting-cors-issue-in-azure-webapp-still-i-have-allowed-all-origin-as