.net core 2.2 和广泛开放的 CORS

    Services.AddCors(CorsOptions =>
    {
        CorsOptions.AddPolicy("AllowAll", P => { P
            .SetIsOriginAllowed(_ => true)
            .AllowAnyMethod()
            .AllowAnyHeader()
            .AllowCredentials();
        });
    });

2回答

繁花如伊

我认为您所需要的只是@Praneet 提到的以下内容。创建全访问策略services&nbsp; &nbsp; .AddCors(options => options&nbsp; &nbsp; &nbsp; &nbsp; .AddPolicy("WideOpen", p => p&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; .AllowAnyOrigin()&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; .AllowAnyMethod()&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; .AllowAnyHeader())&nbsp; &nbsp; );您还需要一个Configure方法来全局启用它public void Configure(IApplicationBuilder app, IHostingEnvironment env){&nbsp; &nbsp; app.UseCors("WideOpen");}更新的答案services&nbsp; &nbsp; .AddCors(options => options&nbsp; &nbsp; &nbsp; &nbsp; .AddPolicy("WideOpen", p => p&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; .SetIsOriginAllowedToAllowWildcardSubdomains()&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; .WithOrigins("*")&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; .AllowAnyMethod()&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; .AllowAnyHeader()&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; .AllowCredentials())&nbsp; &nbsp; );根据允许的来源所需的文件。 SetIsOriginAllowedToAllowWildcardSubdomains所以我已经设置WithOrigins使用通配符更新的答案 2好的，我对你的问题有个想法。我认为这不是理想或推荐的解决方案，但它会起作用。您可以有一个中间件，它为每个请求注入响应标头，这些请求需要允许 AnyOrigin、AnyMethod 和 AnyHeader 以及凭据。但是，它只会Access-Control-Allow-Origin为请求中存在的 Origin 添加标头，因此允许任何来源。如果 Ajax 检查不起作用，您可以将其删除。唯一的缺点是，它将为所有请求注入标头。public class WideOpenCorsMiddleware{&nbsp; &nbsp; private readonly RequestDelegate _next;&nbsp; &nbsp; public WideOpenCorsMiddleware(RequestDelegate next)&nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; _next = next;&nbsp; &nbsp; }&nbsp; &nbsp; public async Task Invoke(HttpContext context)&nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; var response = context.Response;&nbsp; &nbsp; &nbsp; &nbsp; // check if it's an ajax request&nbsp; &nbsp; &nbsp; &nbsp; if (context.Request.Headers != null && context.Request.Headers["X-Requested-With"] == "XMLHttpRequest")&nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; response.Headers.Add("Access-Control-Allow-Origin",&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; new[] { (string)context.Request.Headers["Origin"] });&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; response.Headers.Add("Access-Control-Allow-Headers",&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; new[] { "Origin, X-Requested-With, Content-Type, Accept" });&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; response.Headers.Add("Access-Control-Allow-Methods", new[] { "GET, POST, PUT, DELETE, OPTIONS" });&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; response.Headers.Add("Access-Control-Allow-Credentials", new[] { "true" });&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; response.StatusCode = 200;&nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; &nbsp; &nbsp; // if not a pre-flight request&nbsp; &nbsp; &nbsp; &nbsp; if (context.Request.Method != "OPTIONS")&nbsp; &nbsp; &nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; await _next(context);&nbsp; &nbsp; &nbsp; &nbsp; }&nbsp; &nbsp; }}你也可以有这个扩展方法，这样你就可以很容易地在Configure方法中使用它。// Extension method used to add the middleware to the HTTP request pipeline.public static class MiddlewareExtensions{&nbsp; &nbsp; public static IApplicationBuilder UseWideOpenCors(this IApplicationBuilder builder)&nbsp; &nbsp; {&nbsp; &nbsp; &nbsp; &nbsp; return builder.UseMiddleware<WideOpenCorsMiddleware>();&nbsp; &nbsp; }}最后，在Configure方法中，添加以下行，可能在顶部：public void Configure(IApplicationBuilder app, IHostingEnvironment env){&nbsp; &nbsp; app.UseWideOpenCors();}

0

0

0

jeck猫

在您的 appsettings.json 中添加您的 cors 来源。是这样的："CorsOrigins": {&nbsp; &nbsp; "Urls": [ "http://localhost:4200", "http://localhost:8090", "https://localhost:44376" ]&nbsp; }然后像这样设置你的启动：var corsOriginsSection = Configuration.GetSection("CorsOrigins");var origins = corsOriginsSection.Get<CorsOrigins>();services.AddCors(options => options.AddPolicy("AllowSpecificOrigin", p => p.WithOrigins(origins.Urls)&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;.AllowAnyMethod()&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;.AllowAnyHeader()));然后在你的控制器上添加这个：&nbsp;[EnableCors("AllowSpecificOrigin")]那应该有效。我将使用的类是这样的：public interface ICorsOrigins{&nbsp; &nbsp; string[] Urls { get; set; }}public class CorsOrigins : ICorsOrigins{&nbsp; &nbsp; public string[] Urls { get; set; }}我会保留 appsettings 中的起源，否则它将是硬编码的东西。就像特定来源一样，创建一个策略 All Access 并根据您的要求使用它

0

0

0