问题
Here is my CORS configuration:
services.AddCors(options =>
{
options.AddPolicy(name: "AllowedOrigins",
policyBuilder =>
{
var urls = Configuration.GetSection("Host:AllowedOrigins").Get<List<string>>();
policyBuilder.WithOrigins(urls.ToArray())
.AllowAnyMethod()
.AllowAnyHeader()
.SetIsOriginAllowed((host) => true)
.AllowCredentials();
});
});
And in Configure method:
app.UseRouting();
app.UseCors("AllowedOrigins");
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
For internal server error, there are no access-control-* headers in the response. As far as I know this issue should be fixed since ASP.NET Core 2.2.
回答1:
You need to explicitly call app.UseExceptionHandler(...) in your startup.
If you do not, then unhandled exceptions bubble up the call stack all the way to Kestrel. And Kestrel does not call the delegates hooked up to HttpContext.Response.OnStarting(...). CorsMiddleware (and many other middleware) use OnStarting to hook into adding information to the response.
来源:https://stackoverflow.com/questions/62040313/cors-header-not-being-set-for-internal-server-error-response-asp-net-core-3-1