Core 2.1 refuses to respond with Access-Control-Expose-Headers: *(Core 2.1 拒绝使用 Access-Control-Expose-Headers 响应:*)
问题描述
我一定是在这里做错了,但我想不通;据我所知,这似乎是一个 CORS 问题.我需要将 Access-Control-Expose-Headers: *
暴露给任何来源,但 dotnet core 2.1 没有达到我的预期.
I must be doing something wrong here but I can't figure it out; it seems to be a CORS issue from what I can tell. I need to expose Access-Control-Expose-Headers: *
to any origin but dotnet core 2.1 isn't doing what I expect.
相关Startup.cs代码:
Relevant Startup.cs code:
public void ConfigureServices(IServiceCollection services)
{
//Mapping settings to POCO and registering with container
var settings = new AppSettings.ReportStorageAccountSettings();
Configuration.Bind(nameof(AppSettings.ReportStorageAccountSettings), settings);
services.AddCors(options =>
{
options.AddPolicy("AllowAll",
builder =>
{
builder
.AllowAnyHeader()
.AllowAnyMethod()
.AllowAnyOrigin()
.AllowCredentials();
});
});
services.AddSingleton(settings);
services.AddApiVersioning();
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts();
}
app.UseCors("AllowAll");
app.UseHttpsRedirection();
app.UseMvc();
}
此应用程序托管在 Azure 中,我在 Azure 中的 CORS 设置中添加了一个 *
条目,只是为了更好地衡量.现在,每当客户端应用程序(也托管在 Azure 中)发出发布请求时,都无法通过 JS 访问标头,并且响应中不存在 Access-Control-Expose-Headers: *
.但是,当我检查网络响应和使用 Fiddler 时,我可以看到标头.我已经尝试使用 Axios 和 Jquery 来访问标题以排除 JS 的任何问题.我在这里做错了什么?
This application is hosted in Azure and I have added a *
entry to the CORS settings in Azure just for good measure. Now, whenever the client application (which is also hosted in Azure) makes a post request, the headers are not accessible via JS and Access-Control-Expose-Headers: *
is not present in the response. However, I can see the headers when I inspect the network response and when using Fiddler. I have tried Axios and Jquery for accessing the headers to rule out any issues with the JS. What am I doing wrong here?
在控制器中我回复:
Response.Headers.Add("Location", $"api/someLocation");
return StatusCode(StatusCodes.Status202Accepted);
推荐答案
CorsPolicyBuilder
的 AllowAnyHeader
方法配置 Access-Control-Allow-Headers
响应头,即仅用于 预检请求.Access-Control-Expose-Headers
响应头是需要的,使用 WithExposedHeaders
.
这是一个完整的例子:
services.AddCors(options =>
{
options.AddPolicy("AllowAll", builder =>
{
builder.AllowAnyHeader()
.AllowAnyMethod()
.AllowAnyOrigin()
.AllowCredentials()
.WithExposedHeaders("Location"); // params string[]
});
});
这篇关于Core 2.1 拒绝使用 Access-Control-Expose-Headers 响应:*的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:Core 2.1 拒绝使用 Access-Control-Expose-Headers 响应:*
基础教程推荐
- c# Math.Sqrt 实现 2022-01-01
- SSE 浮点算术是否可重现? 2022-01-01
- 如何激活MC67中的红灯 2022-01-01
- MS Visual Studio .NET 的替代品 2022-01-01
- 将 XML 转换为通用列表 2022-01-01
- 如何在 IDE 中获取 Xamarin Studio C# 输出? 2022-01-01
- rabbitmq 的 REST API 2022-01-01
- 为什么Flurl.Http DownloadFileAsync/Http客户端GetAsync需要 2022-09-30
- 有没有办法忽略 2GB 文件上传的 maxRequestLength 限制? 2022-01-01
- 将 Office 安装到 Windows 容器 (servercore:ltsc2019) 失败,错误代码为 17002 2022-01-01