如何在ASP.NET Web API核心中全局启用CORS

Question

我找到了这个网站:

https://docs.microsoft.com/en-us/aspnet/core/security/cors

但是我对如何在全球范围内启用它感到困惑,因为它似乎有两种方法可以做到这一点,这两种方式之间的区别是什么？或者他们做了两件不同的事情？

public IConfigurationRoot Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            //https://docs.microsoft.com/en-us/aspnet/core/security/cors
            services.AddCors(options =>
            {
                options.AddPolicy("AllowSpecificOrigin",
                    builder => builder.WithOrigins("http://example.com")
                                        .AllowAnyHeader()
                    );
            });

            services.Configure<MvcOptions>(options =>
            {
                options.Filters.Add(new CorsAuthorizationFilterFactory("AllowSpecificOrigin"));
            });

            // Add framework services.
            services.AddMvc();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            loggerFactory.AddConsole(Configuration.GetSection("Logging"));
            loggerFactory.AddDebug();

            app.UseCors("AllowSpecificOrigin");

            app.UseMvc();
        }

Answer 1

ConfigureServices中的调用只是添加Cors服务,而不是设置它(包括创建hte策略).通过添加过滤器,您可以将其设置为全局,但我知道UseCors(在Configure中)是全局添加它的首选方式.Filter代码所做的就是强制所有控制器上的属性,而UseCors有效地做同样的事情,只是在堆栈的不同部分.我相信UseCors不仅仅是为了MVC调用而这样做,这就是它与众不同的原因.