我正在将 .net 4.5.2 项目更新为 .Net 核心 web api。现在,Cors 根据 appSetting 值设置如下CorsAllowAll:if ((ConfigurationManager.AppSettings["CorsAllowAll"] ?? "false") == "true"){ appBuilder.UseCors(CorsOptions.AllowAll);}else{ ConfigureCors(appBuilder);}private void ConfigureCors(IAppBuilder appBuilder){ appBuilder.UseCors(new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => { var policy = new CorsPolicy(); policy.Headers.Add("Content-Type"); policy.Headers.Add("Accept"); policy.Headers.Add("Auth-Token"); policy.Methods.Add("GET"); policy.Methods.Add("POST"); policy.Methods.Add("PUT"); policy.Methods.Add("DELETE"); policy.SupportsCredentials = true; policy.PreflightMaxAge = 1728000; policy.AllowAnyOrigin = true; return Task.FromResult(policy); } } });}如何在 .net core 中实现相同的目标?不幸的是,我不会知道每个环境的 URL。但我知道对于本地、DEV 和 QA 环境,appSettingCorsAllowAll是真的。但是在 UAT 和 PROD 环境中它会是假的。更新 我的 appSettings.json 如下所示:"AppSettings": { ... "CorsAllowAll": true ... }
2 回答
慕工程0101907
TA贡献1887条经验 获得超5个赞
在ConfigureServices方法,定义了两个政策即CorsAllowAll与CorsAllowSpecific
services.AddCors(options =>
{
options.AddPolicy("CorsAllowAll",
builder =>
{
builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials();
});
options.AddPolicy("CorsAllowSpecific",
p => p.WithHeaders("Content-Type","Accept","Auth-Token")
.WithMethods("POST","PUT","DELETE")
.SetPreflightMaxAge(new TimeSpan(1728000))
.AllowAnyOrigin()
.AllowCredentials()
);
});
CorsAllowAll可以从IConfigurationStartup.cs 中访问设置值。根据它的值,可以Configure在调用之前在方法中全局设置定义的策略之一app.UseMvc()。
//Read value from appsettings
var corsAllowAll = Configuration["AppSettings:CorsAllowAll"] ?? "false";
app.UseCors(corsAllowAll == "true"? "CorsAllowAll" : "CorsAllowSpecific");
- 2 回答
- 0 关注
- 440 浏览
添加回答
举报
0/150
提交
取消