.Net core 6 CORS问题

我有一个简单的 API，当我从另一个网站调用我的 API 时，出现 CORS 错误。我已经测试了所有内容，但似乎没有任何效果。该请求在 Postman 中运行良好。我有一个 API 密钥中间件，我也附上了它的代码。另一件事是，如果我在标头中传递 API 密钥，我只会收到 CORS 错误。如果我将它作为查询字符串传递，我不会收到任何错误，或者更准确地说，它会返回 404，但它会运行代码并返回结果：

using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Diagnostics;
using Microsoft.EntityFrameworkCore;
using MY_API;
using MY_API.Data;
using MY_API.Middleware;


var builder = WebApplication.CreateBuilder(args);


// Add services to the container.

builder.Services.AddControllers().AddNewtonsoftJson();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
builder.Services.AddDbContext<TestContext>(options =>
{
    options.UseSqlServer(builder.Configuration.GetConnectionString("Connection"));
});


builder.Services.AddCors(options =>
{
    options.AddPolicy("corsPolicy",
                      policy =>
                      {
                          policy
                               .AllowAnyOrigin()
                               .AllowAnyMethod()
                               .AllowAnyHeader();

                      });
});


var app = builder.Build();


if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();
app.UseCors("corsPolicy");
app.UseAuthentication();

app.UseAuthorization();


app.UseMiddleware<ApiKeyMiddleware>();

app.MapControllers();

app.Run();

我正在运行一个简单的 GET 请求。

// GET: api/Tests/5
[HttpGet("{id}")]
public async Task<ActionResult<Test>> GetTest(int id)
{
    var Test = await _context.Tests.FindAsync(id);

    if (Test == null)
    {
        return NotFound();
    }

    return Test;
}

我的API key中间件是这样的。请注意我用来在传递标头或查询字符串之间切换的注释行：

using System.Diagnostics;

namespace MY_API.Middleware
{
    public class ApiKeyMiddleware
    {
        private readonly RequestDelegate _next;
        private const string APIKEY = "apiKey";
        public ApiKeyMiddleware(RequestDelegate next)
        {
            _next = next;
        }
        public async Task InvokeAsync(HttpContext context)
        {
           if (!context.Request.Headers.TryGetValue(APIKEY, out var extractedApiKey))
             //   if (!context.Request.Query.TryGetValue(APIKEY, out var extractedApiKey))
                {
                context.Response.StatusCode = 401;
                await context.Response.WriteAsync("Api Key was not provided ");
                return;
            }

            var appSettings = context.RequestServices.GetRequiredService<IConfiguration>();

            var apiKey = appSettings.GetValue<string>(APIKEY);

            if (!apiKey.Equals(extractedApiKey))
            {
                context.Response.StatusCode = 401;
                await context.Response.WriteAsync("Unauthorized client");
                return;
            }


            await _next(context);
        }
    }
}

这是我得到的错误：

如果我将 API 作为查询字符串传递，我会得到类似这样的结果，但它会返回结果。请注意它是针对不同的 GET 请求并且名称不同：