NET 跨域

Web.Config

PS: 现在必须设置true,且前端增加的head参数,必须要维护在Access-Control-Allow-Headers,不然还是会提示跨域

复制代码
    <system.webServer>
        <!--跨域设置-->
        <httpProtocol>
            <customHeaders>
              <remove name="Access-Control-Allow-Origin" />
              <remove name="Access-Control-Allow-Headers" />
              <remove name="Access-Control-Allow-Methods" />

            <add name="Access-Control-Allow-Origin" value="https://xxxxxx" />
              <add name="Access-Control-Allow-Headers" value="accept,origin,referer,access-control-allow-headers,access-control-allow-methods,access-control-allow-origin" />
              <add name="Access-Control-Allow-Methods" value="POST, GET, OPTIONS" />
                <add name="Access-Control-Allow-Credentials" value="true" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
复制代码

Global.asax

PS:配置文件设置了跨域,代码中就不需要设置,重复配置会提示错误

复制代码
        /// <summary>
        /// 
        /// </summary>
        protected void Application_BeginRequest(object sender, EventArgs e)
        {
            //  允许所有的options请求,直接返回200状态码
            if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
            {
                HttpContext.Current.Response.StatusCode = 200;
                //HttpContext.Current.Response.Headers["Access-Control-Allow-Origin"] = HttpContext.Current.Request.Headers["origin"];
                HttpContext.Current.Response.End();
                return;
            }
        }
复制代码

 

PS:

1.Error: 需要设置(Access-Control-Allow-Credentials = true)

xxx Access to XMLHttpRequest at 'https://xxx' from origin 'https://xxx' has been blocked by CORS policy: 
Response to preflight request doesn't pass access control check: 
The value of the 'Access-Control-Allow-Credentials' header in the response is '' 
which must be 'true' when the request's credentials mode is 'include'. 
The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

2.Error: 多个Access-Control-Allow-Origin,重复配置

Access to XMLHttpRequest at 'https://xxx' from origin 'https://xxx' has been blocked by CORS policy: 
Response to preflight request doesn't pass access control check: 
The 'Access-Control-Allow-Origin' header contains multiple values 'https://xxx, https://xxx', but only one is allowed.

3.浏览器会拒绝任何不带 Access-Control-Allow-Credentials: true 标头的响应,且不会把响应提供给调用的网页内容

 4.附带身份凭证的请求时,不支持通配符

 

Reference:

跨源资源共享(CORS)

posted @   Robot-Blog  阅读(5)  评论(0编辑  收藏  举报
相关博文:
· NET6 自定义授权中间件
· NET6 授权方式:简单/角色/策略
· SignalR netcore .net5 webapi 设置 跨域
· 跨域问题处理手册
· Webapi处理跨域请求,你可能踩到的坑
阅读排行:
· DeepSeek 开源周回顾「GitHub 热点速览」
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· AI与.NET技术实操系列(二):开始使用ML.NET
· 单线程的Redis速度为什么快?
历史上的今天:
2022-11-08 NET EF sql 参数化查询
2021-11-08 NetCore EFCore DbFirst 连接 MsSql
点击右上角即可分享
微信分享提示
AI FOR CODE 大赛