當出現
The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the CORS policy by listing individual origins if credentials needs to be supported 跨域錯誤的時候
只需要給予一個可信列表即可。修改內容如下:
services.AddCors(options => options.AddPolicy("CorsPolicy", builder => { builder.WithOrigins(new string[] { "http://127.0.0.1:5500" }) .AllowAnyMethod() .AllowAnyHeader() .AllowCredentials(); }));
如果真的就不想做任何限制,其實也是有辦法的。只需要將AllowAnyOrigin替換為SetIsOriginAllowed(_ => true)就可以解決。
services.AddCors(options => options.AddPolicy("CorsPolicy", builder => { builder.AllowAnyMethod() .SetIsOriginAllowed(_ => true) .AllowAnyHeader() .AllowCredentials(); }));
除了前面的兩個方法以外,其實還可以自定義中間件。添加Cors處理類。如下:
public class CorsMiddleware { private readonly RequestDelegate next; public CorsMiddleware(RequestDelegate next) { this.next = next; } public async Task Invoke(HttpContext context) { if (context.Request.Headers.ContainsKey(CorsConstants.Origin)) { context.Response.Headers.Add("Access-Control-Allow-Origin", context.Request.Headers["Origin"]); context.Response.Headers.Add("Access-Control-Allow-Methods", "PUT,POST,GET,DELETE,OPTIONS,HEAD,PATCH"); context.Response.Headers.Add("Access-Control-Allow-Headers", context.Request.Headers["Access-Control-Request-Headers"]); context.Response.Headers.Add("Access-Control-Allow-Credentials", "true"); if (context.Request.Method.Equals("OPTIONS")) { context.Response.StatusCode = StatusCodes.Status200OK; return; } } await next(context); } }
在Configure方法中添加如下內容即可。
app.UseMiddleware<CorsMiddleware>();