c# - 如何设置 ASP.NET CORS 选项以允许 application/json

Question

如下面的代码所示，我正在向使用 ASP.NET 创建的 Web API 发送一个 POST 请求。服务器是 ISS Express。

浏览器发送给我的错误是

MainPage.html:1 Access to fetch at 'https://localhost:44346/api/topic' from origin 'null' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response

我查看了几篇文章，发现我的问题是 WEB-API 中的 CORS 选项没有发回允许 application/json 的选项。据我了解，出现此问题的原因是我的浏览器和 ISS Express 在同一台计算机上，因此触发了 CORS。我一直在寻找资源来帮助我在 ASP.NET 中获取 CORS，以包含 application/json 作为允许的 header ，但没有取得任何进展。我还尝试在浏览器中禁用 CORS，但我也找不到解释如何执行此操作的网页。

我需要做什么来解决这个问题？

JavaScript 代码

function SubmitTopic() 
{
//Boilerplate code erased for succinctness
            console.log("Creating Request")
            const request = new Request("https://localhost:44346/api/topic", {
                method: 'POST',
                body: json,
                headers: {
                    'Content-Type': 'application/json'
                }
            });
            console.log(request)

            console.log("Starting POST request to API")
            fetch(request).then(res => {
                if (res.status == 201) {
                    console.log("Successfully added json")
                    console.log("Clearing name and description boxes")
                    name.value = "";
                    description.value = "";
                }
                else {
                    console.error("A problem has occured")
                    alert("Failed to post")
                }
            })
        }

C# - 启动代码

using DSPWHU.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.AspNetCore.Cors;

namespace DSPWHU
{
    public class Startup
    {
        readonly string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";

        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddDbContext<EvidenceContext>(opt => opt.UseSqlite("EvidenceList"));
            services.AddDbContext<TopicContext>(opt => opt.UseSqlite("TopicList"));
            
            services.AddControllers();
            services.AddCors(options =>
            {
                options.AddPolicy(name: MyAllowSpecificOrigins,
                                  builder =>
                                  {
                                      builder.AllowAnyOrigin();
                                  });
            });

        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseHttpsRedirection();

            app.UseRouting();
            app.UseCors(MyAllowSpecificOrigins);
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }
}

Answer 1

尝试将您的 service.AddCors() 替换为:

 services.AddCors(o => o.AddPolicy(MyAllowSpecificOrigins, builder =>
            {
                builder.AllowAnyOrigin()
                       .AllowAnyMethod()
                       .AllowAnyHeader();
            }));

并将其放在“ConfigureServices”部分的顶部。