问题
I have CORS in place and working. Meaning I get no CORS errors on GET or POST. My requests are all received on the server, and their responses are all received back on the client.
That is, UNLESS an exception occurs in the Web API. Then, instead of getting the exception detail, I get the CORS error. So the client cannot see the exception details.
Failed to load http://localhost:64630/api/sql/familiesCollection/create: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 500.
Here's the Configure method in my Startup class:
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors(builder => builder
.AllowAnyHeader()
.AllowAnyOrigin()
.AllowAnyMethod());
app.UseMvc();
}
If the CORS request is accepted, and the CORS response is accepted back, why aren't the exception details in the event of an error also accepted back by the client?
Update... I implemented a more verbose version as per suggestion from Marcus; but to no avail. Still getting the very same CORS error in just the one case of attempting to return error data in a 500 response when an unhandled exception occurs in the Web API.
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(o => o.AddPolicy("AllowAllPolicy", builder =>
{
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
}));
services.AddMvc();
services.AddOptions();
services.Configure<AppConfig>(Configuration.GetSection("AppConfig"));
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors("AllowAllPolicy");
app.UseMvc();
}
And then, in my controller class:
[EnableCors("AllowAllPolicy")]
public class SqlApiController
{
:
None of this is helping. CORS works until there's an exception in the Web API. Then, I get this, instead of exception info from the 500:
Failed to load http://localhost:64630/api/sql/familiesCollection/create: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 500.
回答1:
From what I see, you don't have any specific limitations on your CORS config and you allow "All". In that case, this could help you.
I also see that you decorate your controller with the [EnableCors...] attribute, so on error it might be getting out of current controller and the error is handled "elsewhere", that is what might cause the the attribute to be out of scope...
I have used a simpler way, yet allows CORS and the errors are also "transported" to the client.
using Microsoft.Owin.Cors;
namespace Test
{
public partial class Startup
{
public void ConfigureAuth(IAppBuilder app)
{
app.UseCors(CorsOptions.AllowAll);
Then remove everything else that is related to CORS, this is enough for global enabled CORS and allows all origins (i.e. *).
来源:https://stackoverflow.com/questions/50337487/getting-cors-error-only-on-server-exception-calling-asp-net-core-web-api-from