Azure website Rest Api only accept GET, POST returns 403. Possibly CORS

前端 未结 2 1612
别那么骄傲
别那么骄傲 2021-01-14 04:40

I am encounter a strange problem. I have a Asp.net Core WebApi project running under Azure App Service (Website). I am using DHC plug-in in Chrome. My service is also runnin

相关标签:
2条回答
  • 2021-01-14 05:00

    Looks like your JavaScript client is being blocked by the Authentication / Authorization module's CSRF protection, which currently doesn't know about the CORS configuration (it probably should - I'll look into this).

    The simplest way to work around this is to add a custom User-Agent HTTP header in your client settings. One of the things our built-in CSRF protection looks for is whether the client is a browser. Pretty much all major browsers use "Mozilla/..." as the user-agent string. Change this to something else to make it clear that you're not a browser and your POST request will go through successfully.

    0 讨论(0)
  • 2021-01-14 05:10

    In my case I had to remove:

    Origin: https://....

    changing User-Agent didn't work

    0 讨论(0)
提交回复
热议问题