因此,我尝试了很长时间才能解决我的cors问题。我的浏览器说服务器未发送access-control-allow-origin
头。我在docker容器中有一个C#Asp.net核心应用程序,并且使用了反向nginx代理。在我的C#应用程序中,我设置了每种方法和每种起源:
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(o => o.AddPolicy("MyPolicy",builder =>
{
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
}));
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
//service stuff and jwt
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app,IHostingEnvironment env)
{
app.UseCors("MyPolicy");
app.UseAuthentication();
app.UseMvc();
}
我以为:好吧,问题出在nginx。因此,我尝试从nginx在站点配置中手动添加标题:
upstream domain{
server 127.0.0.1:30004;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain;
access_log off;
expires 24h;
add_header access-control-allow-origin 'https://app.domain.de';
add_header access-Control-Allow-Method "GET,POST,OPTIONS,DELETE,PUT";
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:30004/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header x-Forwarded-Proto $scheme;
}
ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem; # managed by Certbot
}
然后access-control-allow-origin
标头被发送两次,并且它对我也不起作用。
http://prntscr.com/pyxi62(在这里您可以看到响应标题和请求标题)
http://prntscr.com/pyxiim(在这里您可以看到浏览器说它不匹配)
Reverted the changes to nginx config
关于整个事情的奇怪之处在于,当我尝试使用登录路由时,它只是不发送标头。即使在该OPTION
请求之前的POST
请求中,也可以获取正确的响应头。我有一条刷新令牌的路线。这给了我响应状态401
,这很好。它还具有正确的响应头。
- 如您所见,为什么当startup.cs显示它们都被平等地对待时,它们的处理方式却有所不同?
- 为什么我不能只允许nginx配置?它只是说,显然不匹配时,它不匹配
- 为什么不起作用?
感谢您抽出宝贵时间阅读这个长问题。