解决跨域问题
- 环境:NET 6
- 项目:WebAPI+Vue
// 设置允许所有来源跨域
app.UseCors(options =>
{
options.AllowAnyHeader();
options.AllowAnyMethod();
options.AllowAnyOrigin();
options.AllowCredentials();
});
// 设置只允许特定来源可以跨域
app.UseCors(options =>
{
options.WithOrigins("http://localhost:3000", "http://127.0.0.1"); // 允许特定ip跨域
options.AllowAnyHeader();
options.AllowAnyMethod();
options.AllowCredentials();
});
问题还原
Access to XMLHttpRequest at ‘(请求路径)’ from origin
‘http://localhost:8080’ has been blocked by CORS policy:
No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
浏览器和服务器实现跨域(CORS)判定的原理
解决方式
添加受信赖的域
var MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
app.UseCors(MyAllowSpecificOrigins);//启用跨域问题
//Program.cs
builder.Services.AddCors(options =>
{
options.AddPolicy(name: MyAllowSpecificOrigins,
builder =>
{
//添加收信赖的地址
builder.WithOrigins("http://localhost/8080", "http://localhost/8081")
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials();
});
});
或者在配置文件中配置
//Program.cs
builder.Services.AddCors(options =>
{
options.AddPolicy(MyAllowSpecificOrigins, builder =>
{
builder
.WithOrigins(
configuration["App:CorsOrigins"]
.Split(",", StringSplitOptions.RemoveEmptyEntries)
.ToArray()
)
.SetIsOriginAllowedToAllowWildcardSubdomains()
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials();
});
});
//appsetting.json
"App": {
"CorsOrigins": "http://localhost/8080"
}
允许所有域
builder.Services.AddCors(options =>
{
options.AddPolicy(MyAllowSpecificOrigins, builder =>
{
builder.AllowAnyMethod()
.SetIsOriginAllowed(_ => true)
.AllowAnyHeader()
.AllowCredentials();
});
});