CORB(ASP.NET Core)阻止了Return Challenge()

问题描述 投票:0回答:1

我已经使用Microsoft.AspNetCore.Identity和外部登录名以及Angular 8前端构建了一个ASP.NET Core网站。这基本上是我控制器中的代码:

[Controller]
[Route("web/[controller]")]
public class AccountController : Controller
{
    // GET: web/Account/connect/{provider}
    [AllowAnonymous]
    [HttpGet("connect/{provider}", Name = "web-account-external-connect-challenge")]
    public async Task<ActionResult> ExternalLogin(string provider)
    {
        var redirectUrl = Url.Action(nameof(ExternalLoginCallback), "Account", new { provider });
        var properties = signin_manager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
        return Challenge(properties, provider);
    }

    // GET: web/Account/connect/{provider}/callback
    [HttpGet("connect/{provider}/callback", Name = "web-account-external-connect-callback")]
    public async Task<ActionResult> ExternalLoginCallback([FromRoute]string provider)
    {
        ...
    }
}

因此,访问/ web / Account / connect / Facebook时,您应该获得Facebook登录页面。成功登录后,FB将重定向到ExternalLoginCallback,应用程序将处理登录(创建帐户,登录)。

Last warning notifies about CORB

[现在看来我被CORB打了(以前从未听说过)。我知道CORS,但是CORB对我来说是新的。

您可以窥见动作here

  • 请打开访客窗口(为了不自动登录)
  • 按F12键打开开发人员工具
  • 导航到https://mintplayer.com/account/login
  • 单击社交登录按钮,将显示弹出窗口,但带有角度应用程序的404页面(这也会引起误解)
  • 按F12键打开弹出窗口的开发人员工具
  • 出现以下消息

跨源读取阻止(CORB)阻止了跨源响应https://www.facebook.com/login.php?skip_api_login=1&api_key=...&kid_directed_site=0&app_id=...&signed_next=1&next=...&display=page&locale=nl_NL&pl_dbl=0MIME类型为text / html。看到https://www.chromestatus.com/feature/5629709824032768更多详细信息。

该应用程序始终显示NotFoundComponent,但是只有在按ctrl + F5(清除缓存)后,Facebook登录页面才会出现。现在缓存清除与它无关,问题绝对是CORB。

return Challenge()似乎是立即从Facebook渲染登录页面,而我自己的URL上没有iframe。

The response of the same request in Postman

我不知道如何解决该问题。是否应在响应中添加Access-Control-Allow-Origin标头,以允许我的应用程序加载/重定向到Facebook / Twitter / Google / Microsoft登录页面?但是我不打算肯定允许所有起源...

PS。它在localhost / development上运行良好。

信息:

版本信息:

  • ASP.NET Core:3.1
  • Microsoft.AspNetCore.Identity.EntityFrameworkCore:3.1.1
  • Microsoft.AspNetCore.Authentication.MicrosoftAccount:3.1.1
  • @@角/核心:〜8.1.1
  • @@ angular / pwa:^ 0.803.23

编辑:

[好,当我尝试浏览我的站点地图:https://mintplayer.com/Sitemap时,我得到相同的结果,相同的行为,并带有以下控制台警告:

资源解释为样式表,但以MIME类型传输application / xml:“ https://mintplayer.com/assets/sitemap.xsl”。

asp.net-core facebook-login cross-origin-read-blocking
1个回答
0
投票

[好,所以经过一番挖掘之后,看来请求的资源(在我的情况下是/ web / Account / connect / Facebook,...,/ signin-facebook,...和/ Sitemap)被我的服务人员缓存的事实。我这样更新了ngsw-config.json:

{
  "$schema": "./node_modules/@angular/service-worker/config/schema.json",
  "index": "/index.html",
  "version": 6,
  "assetGroups": [
    ...
  ],
  "dataGroups": [
    {
      /* /web/... can be cached, /web/Account/... cannot */
      "name": "web",
      "urls": [ "/web", "!/web/Account" ],
      "cacheConfig": {
        "maxSize": 20,
        "maxAge": "1d",
        "strategy": "freshness"
      }
    },
    {
      /* /web/Account/... cannot be cached */
      "name": "account",
      "urls": [ "/web/Account" ],
      "cacheConfig": {
        "maxSize": 0,
        "maxAge": "0u",
        "strategy": "freshness"
      }
    },
    {
      /* /signin-** (defined by Identity) cannot be cached */
      "name": "external-callback",
      "urls": [ "/signin-microsoft", "/signin-google", "/signin-facebook", "/signin-twitter" ],
      "cacheConfig": {
        "maxSize": 0,
        "maxAge": "0u",
        "strategy": "freshness"
      }
    },
    {
      /* /Sitemap cannot be cached */
      "name": "sitemap",
      "urls": [ "/Sitemap" ],
      "cacheConfig": {
        "maxSize": 0,
        "maxAge": "0u",
        "strategy": "freshness"
      }
    }
  ],
  "cacheConfig": {
    "strategy": "freshness"
  }
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.