.NET Core 2.2 CORS Not Allowing Requests

问题:

I have checked several other threads on this and still can't manage to figure this out. I'm wanting to allow any origin, header, method, etc. to access my .NET Core 2.2 API.

public void ConfigureServices(IServiceCollection services)     {         services.AddCors();         services.AddMvc();   ...   public void Configure(IApplicationBuilder app, IHostingEnvironment env, IApplicationLifetime lifetime, IDistributedCache cache)     {         app.UseCors(builder => builder.AllowAnyOrigin()         .AllowAnyMethod()         .AllowAnyHeader()         .AllowCredentials()); 

I made sure the CORS methods were called first within ConfigureServices and Configure. I'm testing this locally and from the server and get this same error on both in Chrome.

Access to XMLHttpRequest at 'https://xxxxx.azurewebsites.net/api/Employees/getCurrentEmployee' from origin 'https://xxxxxxxxxx.azurewebsites.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. 

回答1:

you can do it "manually" and by this way it's simple to add extra logic to manage your requests. at your global.asax add a custom header with the request domain so the sender will be allowed, or for a specific domain the you wish or just a wild card "*" which allows all. be aware the chrome gives security warning with wild cards so they should be avoided

.AddCustomHeader("Access-Control-Allow-Origin",  HttpContext.Current.Request.UserHostAddress) 

回答2:

You could try using a Policy instead:

public void ConfigureServices(IServiceCollection services) {     services.AddCors(setup => setup.AddPolicy("CorsPolicy", builder =>         {             builder.AllowAnyOrigins()             .AllowAnyHeader()             .AllowAnyMethod()             .AllowCredentials();         })); 

...

public void Configure(IApplicationBuilder app, IHostingEnvironment env, IApplicationLifetime lifetime, IDistributedCache cache)     {         app.UseCors("CorsPolicy"); 

If AllowAnyOrigins() does not work you can always be specific and write the url in .WithOrigins("<url>")

So it'd be:

    public void ConfigureServices(IServiceCollection services)     {         services.AddCors(setup => setup.AddPolicy("CorsPolicy", builder =>             {                 builder.WithOrigins("https://xxxxxxxxxx.azurewebsites.net")                 .AllowAnyHeader()                 .AllowAnyMethod()                 .AllowCredentials();             })); ...       public void Configure(IApplicationBuilder app, IHostingEnvironment env, IApplicationLifetime lifetime, IDistributedCache cache)         {             app.UseCors("CorsPolicy"); 

回答3:

Allow CORS request in .Net Core 2.2 in the following way:

// This method gets called by the runtime. Add/allow tags are per your needs public void ConfigureServices(IServiceCollection services) {   services.AddCors(options =>    {       options.AddPolicy("AllowAllOrigins",       builder => builder.AllowAnyOrigin()       .AllowAnyMethod()      .AllowAnyHeader(),      .AllowCredentials()       );    }); } 

Thanks

回答4:

in ConfigureServices method

services.AddCors(options =>             {                 options.AddPolicy("CorsPolicy",                     builder => builder                     .SetIsOriginAllowed((host) => true)                     .AllowAnyMethod()                     .AllowAnyHeader()                     .AllowCredentials());             }); 

in configure method

app.UseCors("CorsPolicy"); 

回答5:

I think this actually had more to do with the fact that my app was not publishing to the app service properly and therefore not reflecting the code from above. Doh!

文章来源: .NET Core 2.2 CORS Not Allowing Requests