发表新帖
发表新帖

owin cors or web api cors

前端 未结
关注
2 1112
不要未来只要你来
不要未来只要你来 2020-12-15 04:47

there are 100s of question on CORS on web-api, and on how to enable CORS, there is a different answer each one provides. I am so confused and dont know which answer is corre

相关标签:
2条回答
  • 孤城傲影
    2020-12-15 05:34

    There is a way to fix this. Since OWIN and ASP.NET.CORS libraries are working simultaneously. Owin token or authentication method needs to be configured to enable CORS separately from all other API controllers.

    Fist thing first, don't use cors with Owin in Startup.cs :

    public void Configuration(IAppBuilder app)
{
    //app.UseCors(CorsOptions.AllowAll);

    Find GrantResourceOwnerCredentials method and add Access-Control-Allow-Origin to context so when it returns a call after authentication is completed that browser finds the header and accepts it.

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "http://localhost" });

    Now install Microsoft.AspNet.WebApi.Cors package from Nuget to your webapi project, and add this to Register method

    public static void Register(HttpConfiguration config)
{
        var cors = new EnableCorsAttribute("http://localhost, ", "accept,accesstoken,authorization,cache-control,pragma,content-type,origin", "GET,PUT,POST,DELETE,TRACE,HEAD,OPTIONS");

        config.EnableCors(cors);

    Worked for me.

    0 讨论(0)
  • 太阳男子
    2020-12-15 05:35

    You are supposed to use Web API's CORS if you need CORS applied to your API Controllers. For everything else (like a token service) you're stuck with having to use Owin.Cors.

    If you end up using both, you'll need to make sure they don't overlap and apply CORS twice to the same request.

    Web API 2.2 makes it easy to enable CORS by providing the EnableCorsAttribute.

    Basic Usage

    [EnableCors("*", "*", "*")]
public class ResourcesController : ApiController
{
    ...

    Attribute definition

    [AttributeUsageAttribute(AttributeTargets.Class|AttributeTargets.Method, AllowMultiple = false)]
public EnableCorsAttribute(
    string origins,
    string headers,
    string methods
)

    To enable CORS globally use

    public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        var cors = new EnableCorsAttribute("www.example.com", "*", "*");
        config.EnableCors(cors);
        // ...
    }
}

    You will also need to install the CORS package from nuget

    Install-Package Microsoft.AspNet.WebApi.Cors
    0 讨论(0)
 看不清?
提交回复
热议问题