原作者:
https://www.cnblogs.com/linyijia/p/12981830.html
第一个添加的指定地址为访问者的地址 成功
第二个允许所有地址访问 成功
services.AddCors(options => { options.AddPolicy(MyAllowSpecificOrigins, builder => { builder.AllowAnyMethod() //.SetIsOriginAllowed(_ => true) //允许所有地址访问 .WithOrigins(new string[] { "http://127.0.0.1:5500" }) //允许指定地址访问 ==>此地址为访问者的地址 .AllowAnyHeader() .AllowCredentials(); }); });
之后在配置方法中加入
当出现
The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the CORS policy by listing individual origins if credentials needs to be supported 跨域错误的时候
只需要给予一个可信列表即可。修改内容如下:
services.AddCors(options => options.AddPolicy("CorsPolicy",
builder =>
{
builder.WithOrigins(new string[] { "http://127.0.0.1:5500" })
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials();
}));
如果真的就不想做任何限制,其实也是有办法的。只需要将AllowAnyOrigin替换为SetIsOriginAllowed(_ => true)就可以解决。
services.AddCors(options => options.AddPolicy("CorsPolicy",
builder =>
{
builder.AllowAnyMethod()
.SetIsOriginAllowed(_ => true)
.AllowAnyHeader()
.AllowCredentials();
}));
除了前面的两个方法以外,其实还可以自定义中间件。添加Cors处理类。如下:
public class CorsMiddleware
{
private readonly RequestDelegate next;
public CorsMiddleware(RequestDelegate next)
{
this.next = next;
}
public async Task Invoke(HttpContext context)
{
if (context.Request.Headers.ContainsKey(CorsConstants.Origin))
{
context.Response.Headers.Add("Access-Control-Allow-Origin", context.Request.Headers["Origin"]);
context.Response.Headers.Add("Access-Control-Allow-Methods", "PUT,POST,GET,DELETE,OPTIONS,HEAD,PATCH");
context.Response.Headers.Add("Access-Control-Allow-Headers", context.Request.Headers["Access-Control-Request-Headers"]);
context.Response.Headers.Add("Access-Control-Allow-Credentials", "true");
if (context.Request.Method.Equals("OPTIONS"))
{
context.Response.StatusCode = StatusCodes.Status200OK;
return;
}
}
await next(context);
}
}
在Configure方法中添加如下内容即可。
app.UseMiddleware<CorsMiddleware>();