问题描述
我使用的是 DynamicPolicyProviderFactory
描述的。下面是我的DynamicPolicyProviderFactory版本:
I am using the DynamicPolicyProviderFactory
as described here. Below is my version of the DynamicPolicyProviderFactory:
public class DynamicPolicyProviderFactory : ICorsPolicyProviderFactory
{
private readonly HashSet<Regex> _allowed;
public DynamicPolicyProviderFactory(IEnumerable allowedOrigins)
{
_allowed = new HashSet<Regex>();
foreach (string pattern in allowedOrigins.Cast<string>()
.Select(Regex.Escape)
.Select(pattern => pattern.Replace("*", "w*")))
{
_allowed.Add(new Regex(pattern, RegexOptions.IgnoreCase));
}
if (_allowed.Count >= 1)
return;
//if nothing is specified, we assume everything is.
_allowed.Add(new Regex(@"https://\w*", RegexOptions.IgnoreCase));
_allowed.Add(new Regex(@"http://\w*", RegexOptions.IgnoreCase));
}
public ICorsPolicyProvider GetCorsPolicyProvider(HttpRequestMessage request)
{
var route = request.GetRouteData();
var controller = (string)route.Values["controller"];
var corsRequestContext = request.GetCorsRequestContext();
var originRequested = corsRequestContext.Origin;
var policy = GetPolicyForControllerAndOrigin(controller, originRequested);
return new CustomPolicyProvider(policy);
}
private CorsPolicy GetPolicyForControllerAndOrigin(string controller, string originRequested)
{
// Do lookup to determine if the controller is allowed for
// the origin and create CorsPolicy if it is (otherwise return null)
if (_allowed.All(a => !a.Match(originRequested).Success))
return null;
var policy = new CorsPolicy();
policy.Origins.Add(originRequested);
policy.Methods.Add("GET");
policy.Methods.Add("POST");
policy.Methods.Add("PUT");
policy.Methods.Add("DELETE");
return policy;
}
}
public class CustomPolicyProvider : ICorsPolicyProvider
{
private readonly CorsPolicy _policy;
public CustomPolicyProvider(CorsPolicy policy)
{
this._policy = policy;
}
public Task<CorsPolicy> GetCorsPolicyAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
return Task.FromResult(this._policy);
}
}
我的电话注册CORS赢得WebApiConfig.cs
My call to register the cors win the WebApiConfig.cs
config.EnableCors();
config.SetCorsPolicyProviderFactory(new DynamicPolicyProviderFactory(Settings.Default.AllowedDomains));
和我的应用程序设置被传递:
And my application settings being passed:
<MyApp.Properties.Settings>
<setting name="AllowedDomains" serializeAs="Xml">
<value>
<ArrayOfString xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<string>http://localhost</string>
<string>http*://*.domain1.com</string>
<string>http*://*.domain2.com</string>
</ArrayOfString>
</value>
</setting>
</MyApp.Properties.Settings>
尽管这些设置,访问控制允许来源
头是不是对我的回答present如果我从的请求http://mg.domain1.com
到的http://本地主机
。我使用的Web API 2.2和5.2.2 Microsoft.AspNet.Cors
Despite these settings, the Access-Control-Allow-Origin
header is not present on my responses if I make a request from http://mg.domain1.com
to http://localhost
. I am using Web Api 2.2 and Microsoft.AspNet.Cors 5.2.2.
编辑:我发现,如果我使用控制器上的 EnableCors
属性或全局启用它( config.EnableCors(新EnableCorsAttribute(*,*,*));
)它的工作原理,因此它必须是一些与我的动态工厂。令人沮丧的是,在DynamicPolicyProvider是复制/从另一个项目粘贴我使用的正常工作。
edit: I have found that if I use the EnableCors
attribute on the controller, or enable it globally (config.EnableCors(new EnableCorsAttribute("*", "*", "*"));
) it works, so it must be something with my dynamic factory. The frustrating thing is, the DynamicPolicyProvider is copy/pasted from another project I am using that works fine.
编辑2:成功......我启用的并发现错误
edit 2: Success!...I enabled tracing and found the error
The collection of headers 'accept,content-type' is not allowed
所以,我刚才编辑的 GetPolicyForControllerAndOrigin
方法,以允许他们。现在一切正常,请接受我很困惑,因为我没有在我的其他项目(一个我复制从DynamicPolicyProviderFactory)
So I just edited the GetPolicyForControllerAndOrigin
method to allow them. Now everything works, accept I am confused because I did not have to jump through this hoop in my other project (the one I copied the DynamicPolicyProviderFactory from)
推荐答案
启用的。你应该会看到一个错误
Enable tracing in the app. You should see an error
The collection of headers 'accept,content-type' is not allowed
只需添加这为政策允许的头,一切都应该工作。
Just add these to the allowed headers for the policy and everything should work.
这篇关于支持Web API CORS无法添加页眉的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!