Core 2.1 拒绝使用 Access-Control-Expose-Headers 响应:*

Core 2.1 refuses to respond with Access-Control-Expose-Headers: *(Core 2.1 拒绝使用 Access-Control-Expose-Headers 响应:*)

本文介绍了Core 2.1 拒绝使用 Access-Control-Expose-Headers 响应:*的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我一定是在这里做错了,但我想不通;据我所知,这似乎是一个 CORS 问题.我需要将 Access-Control-Expose-Headers: * 暴露给任何来源,但 dotnet core 2.1 没有达到我的预期.

I must be doing something wrong here but I can't figure it out; it seems to be a CORS issue from what I can tell. I need to expose Access-Control-Expose-Headers: * to any origin but dotnet core 2.1 isn't doing what I expect.

相关Startup.cs代码:

Relevant Startup.cs code:

        public void ConfigureServices(IServiceCollection services)
        {
            //Mapping settings to POCO and registering with container
            var settings = new AppSettings.ReportStorageAccountSettings();
            Configuration.Bind(nameof(AppSettings.ReportStorageAccountSettings), settings);

            services.AddCors(options =>
            {
                options.AddPolicy("AllowAll",
                    builder =>
                    {
                        builder
                            .AllowAnyHeader()
                            .AllowAnyMethod()
                            .AllowAnyOrigin()
                            .AllowCredentials();
                    });
            });
            services.AddSingleton(settings);
            services.AddApiVersioning();
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseHsts();
            }

            app.UseCors("AllowAll");
            app.UseHttpsRedirection();
            app.UseMvc();
        }

此应用程序托管在 Azure 中,我在 Azure 中的 CORS 设置中添加了一个 * 条目,只是为了更好地衡量.现在,每当客户端应用程序(也托管在 Azure 中)发出发布请求时,都无法通过 JS 访问标头,并且响应中不存在 Access-Control-Expose-Headers: *.但是,当我检查网络响应和使用 Fiddler 时,我可以看到标头.我已经尝试使用 Axios 和 Jquery 来访问标题以排除 JS 的任何问题.我在这里做错了什么?

This application is hosted in Azure and I have added a * entry to the CORS settings in Azure just for good measure. Now, whenever the client application (which is also hosted in Azure) makes a post request, the headers are not accessible via JS and Access-Control-Expose-Headers: * is not present in the response. However, I can see the headers when I inspect the network response and when using Fiddler. I have tried Axios and Jquery for accessing the headers to rule out any issues with the JS. What am I doing wrong here?

在控制器中我回复:

 Response.Headers.Add("Location", $"api/someLocation");
 return StatusCode(StatusCodes.Status202Accepted);

推荐答案

CorsPolicyBuilderAllowAnyHeader 方法配置 Access-Control-Allow-Headers 响应头,即仅用于 预检请求.Access-Control-Expose-Headers 响应头是需要的,使用 WithExposedHeaders.

这是一个完整的例子:

services.AddCors(options =>
{
    options.AddPolicy("AllowAll", builder =>
    {
        builder.AllowAnyHeader()
               .AllowAnyMethod()
               .AllowAnyOrigin()
               .AllowCredentials()
               .WithExposedHeaders("Location"); // params string[]
    });
});

这篇关于Core 2.1 拒绝使用 Access-Control-Expose-Headers 响应:*的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!

本文标题为:Core 2.1 拒绝使用 Access-Control-Expose-Headers 响应:*

基础教程推荐