ASP.NET Core Web Api发送Access-Control-Allow-Origin:null CORS头和chrome是错误的,如何修复？

Question

昨天我设法让我的API在我的本地计算机上工作,但是今天(相同的代码)在另一台计算机上,它不能正常工作,我在控制台上收到此错误:

无法加载http:// localhost:52056/api/task:'Access-Control-Allow-Origin'标头的值为'null',不等于提供的原点.因此不允许原点'null'访问.

以下是Chrome上的http请求和响应:

(我在IE/Firefox中看不到错误)

这是我的启动类(使用.net core 2)

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using TodoApi;

namespace TestCors
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddSingleton<ITaskWarehouse, TaskWarehouse>();

            services.AddCors();
            services.AddMvc();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseCors(builder => builder
                    .AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowAnyHeader()
                    .AllowCredentials());
            app.UseMvc();
        }
    }
}

这有什么不对？从昨天起代码是相同的,但我在Windows 10上运行,这台机器有Windows 7.有什么想法吗？谢谢

Answer 1

尝试删除

.AllowCredentials()

CORS不允许你拥有.AllowCredentials()并.AllowAnyOrigin()为同一政策.我不知道它为什么在不同的机器上工作.

这是来自ASP.NET页面

CORS规范还规定,如果SupportsCredentials为true,则将原点设置为"*"无效.