Geo*_*rge 3 c# iis plesk cors asp.net-core
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://mysiteapi.domain.com/api/v1.0/operations/1. (Reason: CORS header \xe2\x80\x98Access-Control-Allow-Origin\xe2\x80\x99 missing).当我尝试向我的 .NET5 WebAPI 发出 PUT 请求时,出现了这样的问题。
这些是我已将 CORS 添加到 API 的方法:
\n public static void AddCustomCors(this IServiceCollection services, IWebHostEnvironment env, IConfiguration config)\n {\n var cors = config.GetSection("Cors").Get<CorsSettings>();\n if (!cors.Enabled)\n {\n return;\n }\n\n services.AddCors(options =>\n {\n options.AddPolicy("Default",\n builder =>\n {\n builder.WithExposedHeaders(cors.ExposedHeaders)\n .WithHeaders(cors.Headers)\n .WithMethods(cors.Methods);\n .WithOrigins(cors.Origins);\n\n });\n });\n }\n\n public static void UseCustomCors(this IApplicationBuilder app, IConfiguration config)\n {\n var cors = config.GetSection("Cors").Get<CorsSettings>();\n if (cors.Enabled)\n {\n app.UseCors("Default");\n }\n }\n它们分别作为和Startup.cs中的第一个方法被调用。\n设置如下所示:ConfigureServicesConfigure
"Cors": {\n "Enabled": true,\n "Origins": [ "http://mysite.domain.com" ],\n "ExposedHeaders": [ "X-Request-Id", "X-Request-Duration" ],\n "Headers": [ "Content-Type", "Authorization", "X-Requested-With" ],\n "Methods": [ "OPTIONS", "GET", "POST", "PUT", "DELETE" ]\n }\nGET 请求有效,但 PUT 无效。检查网络浏览器选项卡,我发现 OPTIONS 请求正常,并且可以看到我的设置已添加,但在 PUT 请求中它们丢失了。\nOPTIONS 请求和响应:
\nOPTIONS /api/v1.0/operations/1 HTTP/2\nHost: mysiteapi.domain.com\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\nAccept: */*\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate, br\nAccess-Control-Request-Method: PUT\nAccess-Control-Request-Headers: authorization,content-type\nReferer: https://mysite.domain.com/operation/edit/1\nOrigin: https://mysite.domain.com\nConnection: keep-alive\nTE: Trailers\n\n\nHTTP/2 204 No Content\nserver: Microsoft-IIS/10.0\naccess-control-allow-origin: https://mysite.domain.com\naccess-control-allow-headers: Content-Type,Authorization,X-Requested-With,Origin\naccess-control-allow-methods: OPTIONS,GET,POST,PUT,DELETE\nx-powered-by: ASP.NET\nx-powered-by-plesk: PleskWin\ndate: Thu, 28 Jan 2021 16:21:49 GMT\nX-Firefox-Spdy: h2\n\nPUT 请求和响应:
\nPUT /api/v1.0/operations/1 HTTP/2\nHost: mysiteapi.domain.com\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0\nAccept: application/json, text/plain, */*\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate, br\nAuthorization: Bearer <token>\nContent-Type: application/json\nContent-Length: 353\nOrigin: https://mysite.domain.com\nConnection: keep-alive\nReferer: https://mysite.domain.com/operation/edit/1\nTE: Trailers\n\nHTTP/2 405 Method Not Allowed\nallow: GET, HEAD, OPTIONS, TRACE\ncontent-type: text/html\nserver: Microsoft-IIS/10.0\nx-powered-by: ASP.NET\nx-powered-by-plesk: PleskWin\ndate: Thu, 28 Jan 2021 16:21:49 GMT\ncontent-length: 12591\nX-Firefox-Spdy: h2\nAPI 位于 Plesk 18.0.32 中 IIS 中运行的 Web 主机上。web.config如下:
\n<?xml version="1.0" encoding="utf-8"?>\n<configuration>\n <location path="." inheritInChildApplications="false">\n <system.webServer>\n <handlers>\n <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />\n </handlers>\n <aspNetCore processPath="dotnet" arguments=".\\MySite.WebApi.dll" stdoutLogEnabled="true" stdoutLogFile=".\\logs\\stdout" hostingModel="InProcess" />\n </system.webServer>\n </location>\n\n </system.webServer>\n <system.web>\n <compilation tempDirectory="C:\\Inetpub\\vhosts\\mysite.com\\tmp" />\n <customErrors mode="Off" />\n </system.web>\n</configuration>\n我怀疑这是 web.config 的问题,所以我尝试过:
\nAccess-Control-Allow-Origin作为自定义标头 - 这会导致错误,因为它们被添加了两次还有其他人遇到过这个问题吗?
\n将其包含在 web.config<system.webServer>之前的 xml中<handlers>,以删除可能已禁用PUT请求的 webdav。
<modules>
<remove name="WebDAVModule" />
</modules>
| 归档时间: |
|
| 查看次数: |
1573 次 |
| 最近记录: |