如何修复“ CORS 协议不允许同时指定通配符(任何)原点和凭据”错误

我已经在 C # . net Core 项目中启用了 CORS

startup.cs中我添加了线

...
services.AddCors();
...
app.UseCors(builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());

但是当我尝试在另一个 Blazor项目中使用 API 时,我在主机上的 API 项目的日志中看到了这个错误

CORS 协议不允许指定通配符(任何)原点 同时配置策略 如果需要支持凭据,则为单独的起源

我的代码在 Blazor

using (HttpClient http = new HttpClient()) {
http.DefaultRequestHeaders.Add("Authorization", "Token");
var response = await http.GetStringAsync("https://example.com?prm=2");
Console.WriteLine(response);
dynamicContent = response;
}

在启用 Cors 之前,我在浏览器控制台中看到另一个错误

为了解决这个问题,我能改变什么?

81538 次浏览
小开
最佳答案

You should have provided the rest of your code... Is this a Blazor client application or Razor Components application (formally known as Server-Side Blazor) ? I guess this is a Blazor client application, right ? Why do you instantiate an HttpClient ? You should use DI (Perhaps Constructor Injection) instead, injecting an HttpClient instance provided by Blazor itself.

The problem is probably server side, though it surfaces as a client one... Try the following:

Get https://www.nuget.org/packages/Microsoft.AspNetCore.Cors/

public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader());
});
.....
}

And this:

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseCors("CorsPolicy");
}

Note, once again: CORS needs to be enabled on the server side, not in blazor. See https://learn.microsoft.com/en-us/aspnet/core/security/cors for details on how to enable CORS in ASP.NET Core.

Blazor:

 @page "/<template>"
@inject HttpClient Http




@functions {


protected override async Task OnInitAsync()
{
var response= await Http.GetJsonAsync<string>
("https://example.com?prm=2");


}


}

Hope this helps...

小开

I had the same issue and I removed AllowCredentials() that fixed the issue for me.

小开

It's little bit late, but I hope it could be helpful for someone.

If you want AllowCredentials() and AllowAnyOrigin() together just use SetIsOriginAllowed(Func<string,bool> predicate)

doc about IsOriginAllowed

        services
.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
);


options.AddPolicy("signalr",
builder => builder
.AllowAnyMethod()
.AllowAnyHeader()


.AllowCredentials()
.SetIsOriginAllowed(hostName => true));
});
小开

I also faced same issue, and I found solution here:

Setup Any Origin And Any Credentials

Change your CORS setup in startup.cs file like this

public void ConfigureServices(IServiceCollection services)
{
// ...
services.AddCors(options =>
{
options.AddDefaultPolicy(builder =>
builder.SetIsOriginAllowed(_ => true)
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
}

It works for me.

小开

You cannot use both AllowAnyOrigin() and AllowCredentials() at the sametime so change your code to:

...
services.AddCors();
...
app.UseCors(builder => builder
.WithOrigins("https://example.com")
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
小开

I had the same issue, the problem was solved by removing slash( / ) from the ending of URL, because I always copy and paste urls from chrome browser and it has the / at the end :

  .WithOrigins("https://localhost:60576/")  // not working

but

  .WithOrigins("https://localhost:60576")  // working  !!!
小开

Step 1 Install nuGet package :
Microsoft.AspNetCore.Cors

Step 2 add

services.AddCors();

in startup.cs under ConfigureServices

Step 3 add

    app.UseCors(x => x
.AllowAnyMethod()
.AllowAnyHeader()
.SetIsOriginAllowed(origin => true) // allow any origin
.AllowCredentials());

in startup.cs under Configure


提交答案