using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

namespace CorsServer.WebApi31
{
    /// <summary>
    /// Startup class of the CORS demo server. It registers one CORS policy under
    /// CorsPolicyNameConst.DefaultPolicyName and applies it to the whole pipeline.
    /// The AddCors_* helpers are alternative policy definitions; only the one called
    /// from ConfigureServices is active.
    /// </summary>
    // NOTE(review): several generic type arguments appear to have been lost when this
    // listing was extracted (Configure(...), IOptionsSnapshot, GetRequiredService>()).
    // The affected lines are left exactly as they appear; restore the type arguments
    // from the original project before compiling.
    public class Startup
    {
        /// <summary>Stores the application configuration.</summary>
        /// <param name="configuration">Configuration used later to read the "CORS" section.</param>
        /// <param name="hostingEnvironment">Not used by the constructor body.</param>
        /// <param name="webHostEnvironment">Not used by the constructor body.</param>
        public Startup(IConfiguration configuration,IHostEnvironment hostingEnvironment,IWebHostEnvironment webHostEnvironment)
        {
            Configuration = configuration;
        }

        /// <summary>Application configuration supplied to the constructor.</summary>
        public IConfiguration Configuration { get; }

        /// <summary>
        /// Registers the "CORS" configuration section, one CORS policy and the MVC controllers.
        /// </summary>
        /// <param name="services">Service collection to register into.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            #region Config
            // NOTE(review): the generic type argument of Configure seems to be missing here - confirm.
            services.Configure(Configuration.GetSection("CORS"));
            #endregion

            #region CORS
            // Exactly one AddCors_* helper should be active, because they all register
            // the same policy name.
            // NOTE(review): the active helper, AddCors_Test, allows any origin, any method
            // and any header (without credentials). That suits a test server; a deployed
            // API should use an explicit origin list such as the one in AddCors_3.
            AddCors_Test(services);
            //AddCors_2(services);
            //AddCors_3(services);
            //AddCors_4(services);
            //AddCors_5(services);
            #endregion

            services.AddControllers();
        }

        /// <summary>
        /// Builds the request pipeline: developer exception page (development only),
        /// routing, CORS, authorization, controller endpoints.
        /// </summary>
        /// <param name="app">Application builder the middleware is added to.</param>
        /// <param name="env">Hosting environment, used for the development check.</param>
        /// <param name="corsOtionsSnapshot">Not used by the method body.</param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IOptionsSnapshot corsOtionsSnapshot)
        {
            // The detailed exception page is only enabled in the Development environment.
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            // Base path: a global prefix for every request, e.g. http://www.custom.com/PathBase/
            //app.UsePathBase("/api/");

            app.UseRouting();
            // The CORS middleware sits after routing and before authorization and the
            // endpoints, so the policy is applied before any controller runs.
            app.UseCors(CorsPolicyNameConst.DefaultPolicyName);
            app.UseAuthorization();
            app.UseEndpoints(endpoints => { endpoints.MapControllers(); });
        }

        /// <summary>
        /// Description of all available CORS policy settings (reference only; not called
        /// from ConfigureServices).
        /// </summary>
        /// <param name="services">Service collection to register the policy into.</param>
        /// <returns>The same <paramref name="services"/> instance.</returns>
        // NOTE(review): as written this chain calls both AllowAnyOrigin() and
        // AllowCredentials(), the combination the note at the end of the lambda says is
        // not permitted; it is expected to fail when the policy is built - confirm
        // before reusing this method as anything other than a reference.
        private IServiceCollection AddCors_Info(IServiceCollection services)
        {
            services.AddCors(setup =>
            {
                setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
                {
                    build
                    // Request origins
                    .AllowAnyOrigin() // allow any request origin
                    //.WithOrigins() // allow only the specified request origins
                    .SetIsOriginAllowed(_ => true) // use a Func delegate to decide whether an origin is allowed
                    .SetIsOriginAllowedToAllowWildcardSubdomains() // allow wildcards (such as *) in origins
                    // Request methods (POST, GET, PUT, DELETE, OPTIONS, ...)
                    .AllowAnyMethod() // allow all methods
                    //.WithMethods() // allow only the specified methods
                    // Request headers
                    .AllowAnyHeader() // allow all request headers
                    //.WithHeaders() // allow only the specified request headers
                    // Credentials
                    .AllowCredentials() // allow credentials: cookies and HTTP authentication schemes
                    //.DisallowCredentials() // disallow credentials
                    //.WithExposedHeaders() // set the custom response headers to expose (by default the browser exposes only the default response headers to the application; other custom response headers are not exposed)
                    ;
                    /* Special note:
                       For security reasons, starting with .NET Core 2.1, AllowAnyOrigin() and
                       AllowCredentials() cannot be used together.
                       Solutions:
                       1. When using AllowCredentials(), use .SetIsOriginAllowed(_ => true)
                          instead of AllowAnyOrigin().
                       2. When using AllowCredentials(), use WithOrigins() to specify the request
                          origins (use SetIsOriginAllowedToAllowWildcardSubdomains() to enable
                          wildcards) instead of AllowAnyOrigin().
                       3. Custom middleware.
                    */
                    // NOTE(review): solution 1 accepts every origin while still sending
                    // credentials, so it has the same effect as the combination the
                    // framework refuses: any site a signed-in user visits can make
                    // credentialed requests and read the responses. When credentials are
                    // needed, prefer solution 2 with an explicit list of trusted origins.
                });
            });
            return services;
        }

        /// <summary>
        /// CORS template: any origin, any method, any header; the configuration-driven
        /// alternatives are kept as commented-out lines.
        /// </summary>
        /// <param name="services">Service collection to register the policy into.</param>
        /// <returns>The same <paramref name="services"/> instance.</returns>
        private IServiceCollection AddCors_Template(IServiceCollection services)
        {
            services.AddCors(setup =>
            {
                // NOTE(review): BuildServiceProvider() creates a separate provider just to
                // read the options, and corsOption is only referenced by commented-out
                // lines below. The generic type argument of GetRequiredService appears to
                // be missing - confirm.
                var corsOption = services.BuildServiceProvider().GetRequiredService>().Value;
                setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
                {
                    build
                    // Request origins
                    .AllowAnyOrigin()
                    //.WithOrigins(corsOption.Origins.ToArray())
                    //.SetIsOriginAllowed(_ => true)
                    //.SetIsOriginAllowedToAllowWildcardSubdomains()
                    // Request methods (POST, GET, PUT, DELETE, OPTIONS, ...)
                    .AllowAnyMethod()
                    //.WithMethods(corsOption.Methods.ToArray())
                    // Request headers
                    .AllowAnyHeader()
                    //.WithHeaders(corsOption.Headers.ToArray())
                    // Credentials
                    //.AllowCredentials()
                    //.DisallowCredentials()
                    //.WithExposedHeaders()
                    ;
                });
            });
            return services;
        }

        /// <summary>
        /// Test policy: any origin, any method, any header, no credentials. This is the
        /// helper ConfigureServices currently calls.
        /// </summary>
        /// <param name="services">Service collection to register the policy into.</param>
        /// <returns>The same <paramref name="services"/> instance.</returns>
        private IServiceCollection AddCors_Test(IServiceCollection services)
        {
            services.AddCors(setup =>
            {
                setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
                {
                    build
                    // Request origins
                    .AllowAnyOrigin()
                    //.WithOrigins()
                    //.SetIsOriginAllowed(_ => true)
                    //.SetIsOriginAllowedToAllowWildcardSubdomains()
                    // Request methods (POST, GET, PUT, DELETE, OPTIONS, ...)
                    .AllowAnyMethod()
                    //.WithMethods()
                    // Request headers
                    .AllowAnyHeader()
                    //.WithHeaders()
                    // Credentials
                    //.AllowCredentials()
                    //.DisallowCredentials()
                    //.WithExposedHeaders()
                    ;
                });
            });
            return services;
        }

        /// <summary>
        /// Policy with a single active setting: any origin. Methods, headers and
        /// credentials are left at the policy defaults.
        /// </summary>
        /// <param name="services">Service collection to register the policy into.</param>
        /// <returns>The same <paramref name="services"/> instance.</returns>
        private IServiceCollection AddCors_Single(IServiceCollection services)
        {
            services.AddCors(setup =>
            {
                setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
                {
                    build
                    // Request origins
                    .AllowAnyOrigin()
                    //.WithOrigins()
                    //.SetIsOriginAllowed(_ => true)
                    //.SetIsOriginAllowedToAllowWildcardSubdomains()
                    // Request methods (POST, GET, PUT, DELETE, OPTIONS, ...)
                    //.AllowAnyMethod()
                    //.WithMethods()
                    // Request headers
                    //.AllowAnyHeader()
                    //.WithHeaders()
                    // Credentials
                    //.AllowCredentials()
                    //.DisallowCredentials()
                    //.WithExposedHeaders()
                    ;
                });
            });
            return services;
        }

        /// <summary>Fully open policy: any origin, any method, any header.</summary>
        /// <param name="services">Service collection to register the policy into.</param>
        /// <returns>The same <paramref name="services"/> instance.</returns>
        private IServiceCollection AddCors_All(IServiceCollection services)
        {
            services.AddCors(setup =>
            {
                setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
                {
                    build
                    .AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowAnyHeader()
                    ;
                });
            });
            return services;
        }

        /// <summary>
        /// Restrictive policy: origins, methods, request headers and exposed response
        /// headers are all taken from the resolved options object.
        /// </summary>
        /// <param name="services">Service collection to register the policy into.</param>
        /// <returns>The same <paramref name="services"/> instance.</returns>
        private IServiceCollection AddCors_3(IServiceCollection services)
        {
            services.AddCors(setup =>
            {
                // Presumably the options bound from the "CORS" configuration section in
                // ConfigureServices - verify. NOTE(review): BuildServiceProvider() creates
                // a separate provider to read them, and the generic type argument of
                // GetRequiredService appears to be missing - confirm.
                var corsOption = services.BuildServiceProvider().GetRequiredService>().Value;
                setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
                {
                    build
                    .WithOrigins(corsOption.Origins.ToArray())
                    .WithMethods(corsOption.Methods.ToArray())
                    .WithHeaders(corsOption.Headers.ToArray())
                    .WithExposedHeaders(corsOption.ExposedHeaders.ToArray());
                });
            });
            return services;
        }

        /// <summary>
        /// Open policy (any origin, method and header) that additionally exposes the
        /// "x-custom-error" response header to the calling script.
        /// </summary>
        /// <param name="services">Service collection to register the policy into.</param>
        /// <returns>The same <paramref name="services"/> instance.</returns>
        private IServiceCollection AddCors_4(IServiceCollection services)
        {
            services.AddCors(setup =>
            {
                setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
                {
                    build.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().WithExposedHeaders("x-custom-error");
                });
            });
            return services;
        }

        /// <summary>
        /// Policy that allows the single origin http://localhost:5002; every other
        /// setting is commented out and stays at the policy defaults.
        /// </summary>
        /// <param name="services">Service collection to register the policy into.</param>
        /// <returns>The same <paramref name="services"/> instance.</returns>
        private IServiceCollection AddCors_5(IServiceCollection services)
        {
            services.AddCors(setup =>
            {
                // NOTE(review): corsOption is only referenced by commented-out lines below,
                // so the extra BuildServiceProvider() call has no effect on the policy.
                // The generic type argument of GetRequiredService appears to be missing - confirm.
                var corsOption = services.BuildServiceProvider().GetRequiredService>().Value;
                setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, builder =>
                {
                    builder
                    ////.SetIsOriginAllowedToAllowWildcardSubdomains()
                    .WithOrigins("http://localhost:5002")
                    //.AllowAnyMethod()
                    ////.WithMethods(corsOption.Methods.ToArray())
                    //.AllowAnyHeader()
                    ////.WithHeaders(corsOption.Headers.ToArray())
                    ////.WithExposedHeaders(corsOption.ExposedHeaders.ToArray())
                    ;
                });
            });
            return services;
        }
    }
}