Request header was not present in the Access-Control-Allow-Headers list

借酒劲吻你 2021-01-18 00:05

In my API, I have the following code:

public class CustomOAuthProvider : OAuthAuthorizationServerProvider
{

    public override Task MatchEndpoint(OAuthMatc         


        
3 answers
  • 2021-01-18 00:40

    I've found a piece of code here which fixed it for me.

    //Startup.cs
    public void ConfigureOAuth(IAppBuilder app)
    {
        app.Use(async (context, next) =>
        {
            IOwinRequest req = context.Request;
            IOwinResponse res = context.Response;
            // Handle CORS only for the token endpoint
            if (req.Path.StartsWithSegments(new PathString("/oauth2/token")))
            {
                var origin = req.Headers.Get("Origin");
                if (!string.IsNullOrEmpty(origin))
                {
                    // Echoes whatever Origin the caller sent, so every origin is allowed
                    res.Headers.Set("Access-Control-Allow-Origin", origin);
                }
                if (req.Method == "OPTIONS")
                {
                    // Answer the preflight here and stop the pipeline
                    res.StatusCode = 200;
                    res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Methods", "GET", "POST");
                    res.Headers.AppendCommaSeparatedValues("Access-Control-Allow-Headers", "authorization", "content-type", "x-api-applicationid", "access-control-allow-origin");
                    return;
                }
            }
            }
            await next();
        });
    
        // rest of owin Oauth config
    }
    

    I removed the MatchEndpoint method from my CustomOAuthProvider.cs

  • 2021-01-18 00:50

    Make sure it's not as simple as a misspelling of the content-type header in your AJAX. I was getting this with an OPTIONS preflight with an application/x-www-form-urlencoded content-type, which doesn't necessitate a preflight, but I had

    content-type: application/x-www-form-urlencoded

    instead of

    application/x-www-form-urlencoded

    as my contentType option.

    WRONG:

    $.ajax({
        url: 'http://www.example.com/api/Account/Token',
        contentType: 'content-type: application/x-www-form-urlencoded',
        method: 'POST',
        data: {
            grant_type: "password",
            username: $('#username').val(),
            password: $('#password').val()
        },
    });
    

    RIGHT:

    $.ajax({
        url: 'http://www.example.com/api/Account/Token',
        contentType: 'application/x-www-form-urlencoded',
        method: 'POST',
        data: {
            grant_type: "password",
            username: $('#username').val(),
            password: $('#password').val()
        },
    });
    
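Why the malformed `contentType` in the answer above triggers the error in the title, as an added example that is not part of the original thread: a simplified model of the browser's preflight check, which lists every non-safelisted request header and compares the list with the server's `Access-Control-Allow-Headers`. All function names are hypothetical, the inputs are constructed, and `range` and the `*` wildcard are not modelled.

```javascript
// Added example: simplified model of how a browser decides which request
// headers need preflight approval. "range" and the "*" wildcard are not modelled.
const SAFE_NAMES = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);
// Bytes the Fetch standard treats as unsafe in a safelisted header value (":" included).
const UNSAFE_VALUE = /["():<>?@[\\\]{}\x7f]|[\x00-\x08\x0a-\x1f]/;

function isSafelisted(name, value) {
  const n = name.toLowerCase();
  if (!SAFE_NAMES.has(n) || value.length > 128) return false;
  if (UNSAFE_VALUE.test(value)) return false; // simplification: same byte check for all four names
  if (n !== "content-type") return true;
  const essence = value.split(";")[0].trim().toLowerCase();
  return SAFE_CONTENT_TYPES.has(essence);
}

// Names the browser would send in Access-Control-Request-Headers.
function preflightHeaders(requestHeaders) {
  return Object.entries(requestHeaders)
    .filter(([name, value]) => !isSafelisted(name, value))
    .map(([name]) => name.toLowerCase())
    .sort();
}

// Accepts one header value or several, each possibly comma-separated.
function parseAllowHeaders(values) {
  return new Set([].concat(values)
    .flatMap((v) => v.split(","))
    .map((s) => s.trim().toLowerCase())
    .filter(Boolean));
}

// Requested names the server's Access-Control-Allow-Headers does not cover.
function missingFromAllowList(requestHeaders, allowHeaderValues) {
  const allowed = parseAllowHeaders(allowHeaderValues);
  return preflightHeaders(requestHeaders).filter((h) => !allowed.has(h));
}

// Constructed inputs mirroring the WRONG and RIGHT contentType values above.
const wrong = { "Content-Type": "content-type: application/x-www-form-urlencoded" };
const right = { "Content-Type": "application/x-www-form-urlencoded" };
console.log(preflightHeaders(wrong), preflightHeaders(right));
console.log(missingFromAllowList(wrong, "authorization"));
```

A non-empty result from `missingFromAllowList` corresponds to the browser rejecting the preflight because a request header is absent from the allow list.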
  • 2021-01-18 00:52

    No need to remove MatchEndPoint

    Instead of adding array elements, just add a comma-separated value as the first array element in Access-Control-Allow-Headers.

    Instead of

     context.OwinContext.Response.Headers.Add("Access-Control-Allow-Headers", 
                    new[] { 
                        "access-control-allow-origin", 
                        "accept", 
                        "x-api-applicationid", 
                        "content-type", 
                        "authorization" 
                    });
    

    use

    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Headers", 
        new[] { 
            "access-control-allow-origin,accept,x-api-applicationid,content-type,authorization" 
        });
    