启用Cors .web api核心1.1凭证
问题描述:
我正在使用web api核心1.1和角度2. 我使用凭证,如每个HTTP请求的令牌和https。在Internet Explorer中启动时一切正常,但使用chrome和firefox时,出现错误提取我的凭据和Http请求。有人可以告诉我为什么我会出错吗?感谢启用Cors .web api核心1.1凭证
public void ConfigureServices(IServiceCollection services)
{
...
services.AddCors(opt =>
{
opt.AddPolicy("MyCorsPolicy", builder =>
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
services.AddMvc();
...
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
...
app.UseCors("MyCorsPolicy");
app.UseMvc();
...
}
我NG2代码:
import {Injectable, OnInit} from '@angular/core'
import {Headers, Http, Response} from '@angular/http';
import {Observable} from 'rxjs/Observable';
@Injectable()
export class MyApiCallService implements OnInit{
constructor(private http: Http) { }
ngOnInit() {
this.fetchCredentials
.subscribe(c => this.token = c
,error => { console.log(error) });
}
private fetchCredentials(): Observable<any> {
var apiUrl = 'http://localhost:2762/api/someEndpoint';
return this.http.get(apiUrl,{ withCredentials: true })
.map(response => response.json())
.catch(this.handleError);
}
}
答
默认情况下,它会清除所有自定义标头。
你必须使用WithExposedHeaders("HeaderName")
例如:
app.UseCors(options =>
{
options.AllowAnyHeader();
options.WithExposedHeaders("X-Pagination");
options.AllowAnyOrigin();
options.AllowAnyMethod();
});
所以,当你将来自客户端的HTTP调用,你就可以看到你的头。
不幸的是它仍然没有工作 – NewbeeNeedsHelp