5

我正在将 .net 4.5.2 项目更新为 .Net core web api。现在,Cors 根据 appSetting 值设置如下CorsAllowAll

if ((ConfigurationManager.AppSettings["CorsAllowAll"] ?? "false") == "true")
{
    appBuilder.UseCors(CorsOptions.AllowAll);
}
else
{
    ConfigureCors(appBuilder);
}

private void ConfigureCors(IAppBuilder appBuilder)
{
    appBuilder.UseCors(new CorsOptions
    {
    PolicyProvider = new CorsPolicyProvider
    {
        PolicyResolver = context =>
        {
           var policy = new CorsPolicy();
           policy.Headers.Add("Content-Type");
           policy.Headers.Add("Accept");
           policy.Headers.Add("Auth-Token");
           policy.Methods.Add("GET");
           policy.Methods.Add("POST");
           policy.Methods.Add("PUT");
           policy.Methods.Add("DELETE");
           policy.SupportsCredentials = true;
           policy.PreflightMaxAge = 1728000;
           policy.AllowAnyOrigin = true;
           return Task.FromResult(policy);
        }
    }
    });
}

如何在 .net 核心中实现相同的目标?不幸的是,我不会知道每个环境的 URL。但我确实知道对于本地、DEV 和 QA 环境,appSettingCorsAllowAll是正确的。但是 UAT 和 PROD 环境是错误的。

更新 我的 appSettings.json 如下所示:

"AppSettings": {
    ...
    "CorsAllowAll": true 
    ...
  }
4

2 回答 2

16

这种方法效果很好。WithOrigins接受字符串 [],因此您可以将 appsettings 值拆分为其他值;

应用设置.json


  {
  "AllowedOrigins": "http://localhost:8080;http://localhost:3000"
  }

启动.cs

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ApplicationDbContext dbContext, IOptions<AppSettings> appSettings)

if (!String.IsNullOrEmpty(_appSettings.AllowedOrigins))
       {
          var origins = _appSettings.AllowedOrigins.Split(";");
          app.UseCors(x => x
                    .WithOrigins(origins)
                    .AllowAnyMethod()
                    .AllowCredentials()
                    .AllowAnyHeader());
       }

这种分号格式的主要原因是因为它类似于 Application\Properties\launchSettings.json

...
"profiles": {
        "IIS Express": {
            "commandName": "IISExpress",
            "launchBrowser": true,
            "launchUrl": "api/values",
            "environmentVariables": {
                "ASPNETCORE_ENVIRONMENT": "Development"
            }
        },
        "Application": {
            "commandName": "Project",
            "launchBrowser": true,
            "launchUrl": "api/values",
            "applicationUrl": "http://localhost:5000;http://192.168.50.20:5000",
            "environmentVariables": {
                "ASPNETCORE_ENVIRONMENT": "Development"
            }
        }
    }
...
于 2019-10-04T03:03:28.943 回答
3

在 ConfigureServices 方法中,定义两个策略,CorsAllowAllCorsAllowSpecific

services.AddCors(options =>
            {
                options.AddPolicy("CorsAllowAll",
                    builder =>
                    {
                        builder
                        .AllowAnyOrigin() 
                        .AllowAnyMethod()
                        .AllowAnyHeader()
                        .AllowCredentials();
                    });                    

                options.AddPolicy("CorsAllowSpecific",
                    p => p.WithHeaders("Content-Type","Accept","Auth-Token")
                        .WithMethods("POST","PUT","DELETE")
                        .SetPreflightMaxAge(new TimeSpan(1728000))
                        .AllowAnyOrigin()
                        .AllowCredentials()
                    ); 
            });

CorsAllowAll可以从IConfigurationStartup.cs中访问设置值。根据其值,可以Configure在调用之前在方法中全局设置定义的策略之一app.UseMvc()

//Read value from appsettings
var corsAllowAll = Configuration["AppSettings:CorsAllowAll"] ?? "false";
app.UseCors(corsAllowAll == "true"? "CorsAllowAll" : "CorsAllowSpecific");
于 2018-05-22T19:28:47.917 回答