问题描述
在web-api上有关于CORS的100多个问题,以及如何启用CORS,每个提供的答案都不同。我很困惑,不知道哪个答案是正确的。问题是没有答案实际上解释明确,每行代码的作用,所以我可以理解和解决我的问题,而不是复制粘贴代码。
反正,问题是:我使用asp.net web api 2使用owin。我需要启用CORS。我该怎么做?有OWIN的cors设置
application.UseCors(CorsOptions.AllowAll);
并且有asp.net web api的cors设置
var cors = new EnableCorsAttribute(*,*,*,*);
config.EnableCors(cors);
我应该使用,因为我没有使用OAUTH(我指定这是因为答案SO不同当我们使用OAUTH v / s时,当我们不使用它)。
我需要启用CORS为OWIN& WEB-API或只为其中一个。如果两者都启用,则会出现问题,
它如果有人可以向我解释
之间的区别,那将非常有帮助。- OWIN CORS
- WEB API CORS
- CORS与OAUTH使用OWIN / WEBAPI
api反对owin托管的web-api,这进一步增加了困惑:(对不起,
如果您需要将 CORS 应用于您的 API控制器,请使用 Web API的CORS
你必须使用 Owin.Cors
。
如果你最终使用两者,需要确保它们不重叠,并对同一请求应用两次。
Web API 2.2
可以通过提供 EnableCorsAttribute
轻松启用 CORS 。
基本用法
[EnableCors(*,*,*)]
public class ResourcesController:ApiController
{
...
属性定义
[AttributeUsageAttribute(AttributeTargets.Class | AttributeTargets.Method,AllowMultiple = false)]
public EnableCorsAttribute(
string originins,
string headers,
string methods
)
全局使用
public static class WebApiConfig
{
public static void注册(HttpConfiguration config)
{
var cors = new EnableCorsAttribute(www.example.com,*,*);
config.EnableCors(cors);
// ...
}
}
还需要从nuget安装CORS包
安装软件包Microsoft.AspNet.WebApi.Cors
there are 100s of question on CORS on web-api, and on how to enable CORS, there is a different answer each one provides. I am so confused and dont know which answer is correct. And the problem is none of the answers actually explains it point wise, what each line of code does, so that I can understand and solve my problem rather than copy-pasting the code.
anyways, the question is: I am using asp.net web api 2 using owin. And i need to enable CORS. how do I do it? There is cors settings for OWIN
application.UseCors(CorsOptions.AllowAll);
and there is cors settings for asp.net web api
var cors = new EnableCorsAttribute("*", "*", "*", "*");
config.EnableCors(cors);
which one should I use given I am not using OAUTH (I am specifying this because answers on SO differ on when we use OAUTH v/s when we dont use it).
Do i need to enable CORS for both OWIN & WEB-API or only for one of them. There is issue if both are enabled, read here
It would be really helpful if someone can explain me the difference between
- OWIN CORS
- WEB API CORS
- CORS with OAUTH using OWIN/WEBAPI
Also there are answers for self-hosted web api against owin hosted web-api, which further adds to the confution :(, sorry for the rant
You are supposed to use Web API's CORS
if you need CORS applied to your API Controllers. For everything else (like a token service) you're stuck with having to use Owin.Cors
.
If you end up using both, you'll need to make sure they don't overlap and apply CORS twice to the same request.
Web API 2.2
makes it easy to enable CORS by providing the EnableCorsAttribute
.
Basic Usage
[EnableCors("*", "*", "*")]
public class ResourcesController : ApiController
{
...
Attribute definition
[AttributeUsageAttribute(AttributeTargets.Class|AttributeTargets.Method, AllowMultiple = false)]
public EnableCorsAttribute(
string origins,
string headers,
string methods
)
To enable CORS globally use
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
var cors = new EnableCorsAttribute("www.example.com", "*", "*");
config.EnableCors(cors);
// ...
}
}
You will also need to install the CORS package from nuget
Install-Package Microsoft.AspNet.WebApi.Cors
这篇关于owin cors或web api cors的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!