Credentials flag is 'true', but the 'Access-Control-Allow-Credentials

前端 未结 4 1220
失恋的感觉
失恋的感觉 2021-02-15 03:59

I am trying to connect to a ASP.NET Web-API Web Service from an AngularJS page and I am getting the following

Credentials flag is \'true\', but the \'Access-Control-Al

相关标签:
4条回答
  • 2021-02-15 04:38

    The header is added twice once by the code and the other by the web.config. The CORS support is used to allow for the addition of headers for CORS purposes. The configuration custom headers also add response headers to any request, so you may want to remove the config setting.

    var cors = new EnableCorsAttribute..
    
    <customHeaders>
        <add name="Access-Control-Allow-Origin" value="http://localhost:221" />
    </customHeaders>
    

    Since both of those areas are adding the same origin twice, you get the multiple values on the header.

    When making an AJAX call with the parameter withCredentials: true, the response header should have the Access-Control-Allow-Credentials = true. You need to add that via code using SupportsCredentials = true for the CORS attributes. Otherwise you will get the error "Credentials flag is 'true', but the 'Access-Control-Allow-Credentials is ''"

    For more information, on the withCredential parameter and the response header look at this article:

    http://www.ozkary.com/2015/12/api-oauth-token-access-control-allow-credentials.html

    hope it helps.

    0 讨论(0)
  • 2021-02-15 04:44

    Try the method outlined here for preflight requests:

    enabling cross-origin resource sharing on IIS7

    And use the Chrome extension Postman or Fiddler for easier debugging of CORS. I'm willing to bet that you are adding the header twice, but without your entire code, it is difficult to debug. (heck, CORS is difficult to debug even with the code).

    To me, it appears that you shouldn't have both the web.config setting as well as the global EnableCors() attribute - this causes the doubles.

    You don't appear to be adding the Access-Control-Allow-Credentials anywhere server side, but it might be added by the AllowCors attribute, I am not sure. (I am partial to handling CORS in OWIN myself)

    0 讨论(0)
  • 2021-02-15 04:54

    For whom, who uses WebApiConfig.cs:

    config.EnableCors(new EnableCorsAttribute("*", "*", "*") { SupportsCredentials = true }); 
    
    0 讨论(0)
  • 2021-02-15 05:02

    I came across this question while trying to hit a webapi on .net core from an angular2 app. I had to add AllowCredentials() to the cors configuration in my Configure method in the Startup.cs to look like the following.

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        ...
        app.UseCors(builder =>
            builder
            .AllowCredentials()
            .WithOrigins("http://localhost:3000"));
        ...
    }
    
    0 讨论(0)
提交回复
热议问题