owin cors or web api cors

前端未结

关注

 2  1113

不要未来只要你来 2020-12-15 04:47

there are 100s of question on CORS on web-api, and on how to enable CORS, there is a different answer each one provides. I am so confused and dont know which answer is corre

2条回答

太阳男子 (楼主)

2020-12-15 05:35
You are supposed to use Web API's CORS if you need CORS applied to your API Controllers. For everything else (like a token service) you're stuck with having to use Owin.Cors.

If you end up using both, you'll need to make sure they don't overlap and apply CORS twice to the same request.

Web API 2.2 makes it easy to enable CORS by providing the EnableCorsAttribute.

Basic Usage
```
[EnableCors("*", "*", "*")]
public class ResourcesController : ApiController
{
    ...
```
Attribute definition
```
[AttributeUsageAttribute(AttributeTargets.Class|AttributeTargets.Method, AllowMultiple = false)]
public EnableCorsAttribute(
    string origins,
    string headers,
    string methods
)
```
To enable CORS globally use
```
public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        var cors = new EnableCorsAttribute("www.example.com", "*", "*");
        config.EnableCors(cors);
        // ...
    }
}
```
You will also need to install the CORS package from nuget
```
Install-Package Microsoft.AspNet.WebApi.Cors
```
0 讨论(0)

查看其它2个回答
发布评论:

提交评论
- 加载中...