ABP 跨域
针对明确发出请求的地址,跨域可如下设置
appsetting文件
对于需要跨域的地址配置在节点CorsOrigins中
StartUp
跨域策略
ConfigureServices中如下设置
只对规定的发出请求地址可跨域请求
1 services.AddCors(options => 2 { 3 options.AddPolicy(DefaultCorsPolicyName, builder => 4 { 5 //App:CorsOrigins in appsettings.json can contain more than one address with splitted by comma. 6 builder 7 .WithOrigins( 8 // App:CorsOrigins in appsettings.json can contain more than one address separated by comma. 9 _appConfiguration["App:CorsOrigins"]//读取配置文件中的可跨域地址 10 .Split(",", StringSplitOptions.RemoveEmptyEntries) 11 .Select(o => o.RemovePostFix("/")) 12 .ToArray() 13 ) 14 .SetIsOriginAllowedToAllowWildcardSubdomains() 15 .AllowAnyHeader() 16 .AllowAnyMethod() 17 .AllowCredentials(); 18 19 }); 20 21 });
Configure中启用策略
app.UseCors(DefaultCorsPolicyName); //Enable CORS!表示默认启用DefaultCorsPolicyName策略
注意:对 UseCors
的调用必须放在 UseRouting
之后,但在 UseAuthorization
之前
对于没有明确的发出请求地址,如单独的静态页面向服务器发出请求
可对此请求的api做单独跨域策略
StartUp
在以上的配置增加如下配置
ConfigureServices中增加跨域策略
1 services.AddCors(options => 2 { 3 options.AddPolicy(DefaultCorsPolicyName, builder => 4 { 5 //App:CorsOrigins in appsettings.json can contain more than one address with splitted by comma. 6 builder 7 .WithOrigins( 8 // App:CorsOrigins in appsettings.json can contain more than one address separated by comma. 9 _appConfiguration["App:CorsOrigins"] 10 .Split(",", StringSplitOptions.RemoveEmptyEntries) 11 .Select(o => o.RemovePostFix("/")) 12 .ToArray() 13 ) 14 .SetIsOriginAllowedToAllowWildcardSubdomains() 15 .AllowAnyHeader() 16 .AllowAnyMethod() 17 .AllowCredentials(); 18 19 20 }); 21 //增加静态网页请求跨域策略 22 options.AddPolicy("StaticRequest", builder => 23 { 24 //App:CorsOrigins in appsettings.json can contain more than one address with splitted by comma. 25 builder 26 .SetIsOriginAllowed(_ => true) 27 .AllowAnyHeader() 28 .AllowAnyMethod() 29 .AllowCredentials(); 30 }); 31 });
在静态网页请求的api上面指定使用auto策略
注:根据配置默认使用DefaultCorsPolicyName策略,api需要其他策略则需要明确指定。
详情参考官方:https://learn.microsoft.com/zh-cn/aspnet/core/security/cors?view=aspnetcore-7.0#testc6