您的位置: 首页  >  技术问答  >  当请求的凭据模式为“包含"时,响应中“Access-Control-Allow-Origin"标头的值不得为通配符“*"

当请求的凭据模式为“包含"时,响应中“Access-Control-Allow-Origin"标头的值不得为通配符“*"

分类: 技术问答 2022-06-16 08:57:04
问题描述:

我的应用程序在 IE 浏览器中运行良好,但由于 CORS 问题,它无法在 Chrome 浏览器中运行.

My application is working fine in IE browser, But it's not working in Chrome browser due to CORS issue.

问题是

加载失败 http://localhost:52487/api/Authentication/: 的值当请求的凭据模式为包含"时,响应中的Access-Control-Allow-Origin"标头不能是通配符*".Origin 'http://localhost:4200' 因此不允许访问.XMLHttpRequest 发起的请求的凭证模式由 withCredentials 属性控制.

Failed to load http://localhost:52487/api/Authentication/: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:4200' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

我在前端使用 angular 2,在后端使用 Asp.net core 1.0.我试过了

I am using angular 2 in front-end and using Asp.net core 1.0 in back-end. I have tried

这是我的启动代码

public void ConfigureServices(IServiceCollection services)
{
    services.AddCors(options =>
    {
        options.AddPolicy("AllowAll", p =>
        {
            p.AllowAnyOrigin()
            .AllowAnyHeader()
            .AllowAnyMethod();
        });
    });

    // Add framework services.
    services.AddMvc();
    // Add functionality to inject IOptions<T>
    services.AddOptions();
    // Add our Config object so it can be injected
    services.Configure<Data>(Configuration.GetSection("Data"));

    services.Configure<COCSettings>(Configuration.GetSection("COCSettings"));

    services.Configure<EmailSettings>(Configuration.GetSection("EmailSettings"));

    AppSettings.ConnectionString = Configuration["Data:DefaultConnectionString"];

    // *If* you need access to generic IConfiguration this is **required**
    services.AddSingleton<IConfiguration>(Configuration);

    // Injecting repopsitories with interface
    AddServices(services);

    // Add Json options
    services.AddMvc().AddJsonOptions(options => options.SerializerSettings.ContractResolver = new DefaultContractResolver());
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    loggerFactory.AddConsole(Configuration.GetSection("Logging"));
    loggerFactory.AddDebug();
    app.UseMiddleware(typeof(ErrorHandling));
    app.UseMiddleware(typeof(GetNoCache));
    app.UseCors("AllowAll");
    app.UseMvc();
}

这就是我从 UI(角度)端调用 API 的方式

this is how I am calling the API from UI(angular) side

constructor(private http: Http) {
    this.headers = new Headers();
    this.headers.append('Accept', 'application/json');
}

GetMaintainCOC(FYONId) {
    return this.http.get(this.apiUrl + 'GetCertificationofConformity?FYONId=' + FYONId, { withCredentials: true })
    .map(responce => <any>responce.json())
    .catch(error => {
        return Observable.throw(error);
    });
}

它正在工作,当我在 AddPolicy

 services.AddCors(options =>
            {
                options.AddPolicy("AllowAll", p =>
                {
                    p.AllowAnyOrigin()
                    .AllowAnyHeader()
                    .AllowAnyMethod()
                    .AllowCredentials();
                });
            });

我从Access-Control-Allow-Origin:*"当凭证标志为真时不允许,但没有 Access-Control-Allow-Credentials 标头

我在角度 http 服务调用中使用 { withCredentials: true } .所以我想我应该在 CORS 服务中使用 AllowCredentials() 策略.

I am using { withCredentials: true } in angular http service call. So I guess I should use AllowCredentials() policy in CORS service.

相关推荐