发表新帖
发表新帖

CORS Policy has been blocked my subdomain

前端 未结
关注
2 1080
你的背包
你的背包 2021-01-28 09:13

I have a same domain, one of them is domain without prefix www. For example,

  1. https://www.example.com
  2. https://example.com

First domain works

相关标签:
2条回答
  • 长情又很酷
    2021-01-28 09:43

    You can't use AllowAnyOrigin with AllowCredentials. Below is an example that allows wildcard domains with CORS.

    This code goes in ConfigureServices:

    services.AddCors(options =>
        {
            options.AddPolicy("_AllowOrigin",
                builder => builder
                    .SetIsOriginAllowedToAllowWildcardSubdomains()
                    .WithOrigins("https://localhost:44385", "https://*.azurewebsites.net", "http://*.azurewebsites.net")
                    .AllowAnyHeader()
                    .AllowAnyMethod()
                    .AllowCredentials()
                );
        });

    Don't forget to decorate your action in your controller:

        [EnableCors("_AllowOrigin")]
    0 讨论(0)
  • 耶瑟儿~
    2021-01-28 09:49

    This happens because you have specified both:

    • AllowAnyOrigin()
    • AllowCredentials();

    This configuration is not supported. See the doc:

    Specifying AllowAnyOrigin and AllowCredentials is an insecure configuration and can result in cross-site request forgery. The CORS service returns an invalid CORS response when an app is configured with both methods.

    You should remove the call to AllowAnyOrigin method

    0 讨论(0)
 看不清?
提交回复
热议问题