小贝子编程

asp.net 核心 2.1 跨组织政策.添加为 CORS 时,只有单个 URL 有效



我正在尝试添加多个应该被列入 CORS 白名单的 rul。

问题只是单个网址工作。我的代码如下

public class StartupShutdownHandler
{
    private static readonly log4net.ILog Logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
    private const string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
    public StartupShutdownHandler(IConfiguration configuration)
    {
        Configuration = configuration;
    }
    public IConfiguration Configuration { get; }
    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
        services.AddMvc(options => { options.RespectBrowserAcceptHeader = true; }).AddXmlSerializerFormatters().AddXmlDataContractSerializerFormatters();
        CorsRelatedPolicyAddition(services);
    }
    private void CorsRelatedPolicyAddition(IServiceCollection services)
    {
/*        var lstofCors = ConfigurationHandler.GetSection<List<string>>(StringConstants.AppSettingsKeys.CORSWhitelistedURL);
*/
var lstofCors = new  List<string> {"url1", "url2"}
        if (lstofCors != null && lstofCors.Count > 0 && lstofCors.Any(h => !string.IsNullOrWhiteSpace(h)))
        {
            services.AddCors(options =>
            {
                //https://stackoverflow.com/questions/43985620/asp-net-core-use-multiple-cors-policies
                foreach (var entry in lstofCors.FindAll(h => !string.IsNullOrWhiteSpace(h)))
                {
                    options.AddPolicy(MyAllowSpecificOrigins, builder => { builder.WithOrigins(entry); });
                }
            });
        }            
    }
    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, IApplicationLifetime applicationLifetime)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        app.UseCors(MyAllowSpecificOrigins);
        // CheckAndEnableDetailLogs(app);
        app.UseMvc();                    
    }       
}

您正在覆盖数组中每个条目的选项。

只需将条目添加为字符串数组即可。

    var lstofCors = new  string[] {"url1", "url2"};
    services.AddCors(options =>
        {
           options.AddPolicy(MyAllowSpecificOrigins, builder => { builder.WithOrigins(lstofCors.ToArray()).AllowAnyMethod(); });
        });
}

编辑:我已经添加了允许任何方法((,因为看起来只有获取方法有效

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium