发表新帖
发表新帖

CORS Policy has been blocked my subdomain

前端 未结
关注
2 1116
你的背包
你的背包 2021-01-28 09:13

I have a same domain, one of them is domain without prefix www. For example,

  1. https://www.example.com
  2. https://example.com

First domain works

2条回答
  • 耶瑟儿~
    耶瑟儿~ (楼主)
    2021-01-28 09:49

    This happens because you have specified both:

    • AllowAnyOrigin()
    • AllowCredentials();

    This configuration is not supported. See the doc:

    Specifying AllowAnyOrigin and AllowCredentials is an insecure configuration and can result in cross-site request forgery. The CORS service returns an invalid CORS response when an app is configured with both methods.

    You should remove the call to AllowAnyOrigin method

    0 讨论(0)
 看不清?
提交回复
热议问题