asp.net core 2.1 cross orgin policy。添加为CORS时,只有单个URL工作

问题描述 投票:0回答:1

我想添加多个rul,应该列入CORS白名单。

问题只是单个网址工作。我的代码如下

public class StartupShutdownHandler
{
    private static readonly log4net.ILog Logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
    private const string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
    public StartupShutdownHandler(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }
    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
        services.AddMvc(options => { options.RespectBrowserAcceptHeader = true; }).AddXmlSerializerFormatters().AddXmlDataContractSerializerFormatters();

        CorsRelatedPolicyAddition(services);
    }
    private void CorsRelatedPolicyAddition(IServiceCollection services)
    {
/*        var lstofCors = ConfigurationHandler.GetSection<List<string>>(StringConstants.AppSettingsKeys.CORSWhitelistedURL);
*/
var lstofCors = new  List<string> {"url1", "url2"}

        if (lstofCors != null && lstofCors.Count > 0 && lstofCors.Any(h => !string.IsNullOrWhiteSpace(h)))
        {
            services.AddCors(options =>
            {
                //https://stackoverflow.com/questions/43985620/asp-net-core-use-multiple-cors-policies
                foreach (var entry in lstofCors.FindAll(h => !string.IsNullOrWhiteSpace(h)))
                {
                    options.AddPolicy(MyAllowSpecificOrigins, builder => { builder.WithOrigins(entry); });
                }
            });
        }            
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env, IApplicationLifetime applicationLifetime)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseCors(MyAllowSpecificOrigins);

        // CheckAndEnableDetailLogs(app);
        app.UseMvc();                    
    }       
}
c# .net-core cors asp.net-core-2.1
1个回答
1
投票

您将覆盖阵列中每个条目的选项。

只需将条目添加为字符串数组即可。

    var lstofCors = new  string[] {"url1", "url2"};
    services.AddCors(options =>
        {
           options.AddPolicy(MyAllowSpecificOrigins, builder => { builder.WithOrigins(lstofCors.ToArray()).AllowAnyMethod(); });
        });
}

编辑:我添加了AllowAnyMethod(),看起来只有get方法正常工作

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.