You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
287 lines
9.8 KiB
C#
287 lines
9.8 KiB
C#
using System;
|
|
using System.Collections.Generic;
|
|
using System.Linq;
|
|
using System.Threading.Tasks;
|
|
|
|
using Microsoft.AspNetCore.Builder;
|
|
using Microsoft.AspNetCore.Hosting;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.Extensions.Configuration;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
using Microsoft.Extensions.Hosting;
|
|
using Microsoft.Extensions.Logging;
|
|
using Microsoft.Extensions.Options;
|
|
|
|
namespace CorsServer.WebApi31
|
|
{
|
|
public class Startup
|
|
{
|
|
public Startup(IConfiguration configuration,IHostEnvironment hostingEnvironment,IWebHostEnvironment webHostEnvironment)
|
|
{
|
|
Configuration = configuration;
|
|
}
|
|
|
|
public IConfiguration Configuration { get; }
|
|
|
|
public void ConfigureServices(IServiceCollection services)
|
|
{
|
|
#region Config
|
|
services.Configure<CorsOption>(Configuration.GetSection("CORS"));
|
|
#endregion
|
|
#region CORS
|
|
AddCors_Test(services);
|
|
//AddCors_2(services);
|
|
//AddCors_3(services);
|
|
//AddCors_4(services);
|
|
//AddCors_5(services);
|
|
#endregion
|
|
services.AddControllers();
|
|
}
|
|
|
|
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IOptionsSnapshot<CorsOption> corsOtionsSnapshot)
|
|
{
|
|
if (env.IsDevelopment())
|
|
{
|
|
app.UseDeveloperExceptionPage();
|
|
}
|
|
|
|
//根路径:全局访问前辍 http://www.custom.com/PathBase/
|
|
//app.UsePathBase("/api/");
|
|
|
|
app.UseRouting();
|
|
|
|
app.UseCors(CorsPolicyNameConst.DefaultPolicyName);
|
|
|
|
app.UseAuthorization();
|
|
|
|
app.UseEndpoints(endpoints =>
|
|
{
|
|
endpoints.MapControllers();
|
|
});
|
|
}
|
|
|
|
/// <summary>
|
|
/// 全部设置项说明
|
|
/// </summary>
|
|
private IServiceCollection AddCors_Info(IServiceCollection services)
|
|
{
|
|
services.AddCors(setup =>
|
|
{
|
|
setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
|
|
{
|
|
build
|
|
|
|
//请求来源
|
|
.AllowAnyOrigin() //允许任何请求来源
|
|
//.WithOrigins() //允许指定请求来源
|
|
.SetIsOriginAllowed(_ => true) //使用Func<string bool> 委托方法,确定是否允许请求源跨域
|
|
.SetIsOriginAllowedToAllowWildcardSubdomains() //允许请求源中使用通配符(*等)
|
|
|
|
//请求方法(POST GET PUT DELETE OPTIONS等)
|
|
.AllowAnyMethod() //允许所有方法
|
|
//.WithMethods() //允许指定方法
|
|
|
|
//请求头
|
|
.AllowAnyHeader() //允许所有请求头
|
|
//.WithHeaders() //允许指定请求头
|
|
|
|
//凭据
|
|
.AllowCredentials() //允许凭据:证书中包含缓存(cookies)和HTTP验证协议(HTTP authentication schemes)
|
|
//.DisallowCredentials() //拒绝凭据
|
|
|
|
//.WithExposedHeaders() //设置暴露的自定义响应头(默认情况下,浏览器只会暴露默认的响应头给应用,其它自定义影响头不会暴露给应用程序)
|
|
;
|
|
|
|
/*特别说明:
|
|
出于安全考虑:.net core 2.1开始, AllowAnyOrigin() 和 AllowCredentials() 不能同时使用
|
|
解决方案:
|
|
1、使用AllowCredentials()时,用.SetIsOriginAllowed(_ => true) 代替 AllowAnyOrigin()
|
|
2、使用AllowCredentials()时,用 WithOrigins()指定请求来源(使用SetIsOriginAllowedToAllowWildcardSubdomains()来启用通配符) 代替 AllowAnyOrigin()
|
|
3、自定义中间件
|
|
*/
|
|
});
|
|
});
|
|
|
|
return services;
|
|
}
|
|
|
|
/// <summary>
|
|
/// CORS 模板
|
|
/// </summary>
|
|
private IServiceCollection AddCors_Template(IServiceCollection services)
|
|
{
|
|
services.AddCors(setup =>
|
|
{
|
|
var corsOption = services.BuildServiceProvider().GetRequiredService<IOptionsSnapshot<CorsOption>>().Value;
|
|
setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
|
|
{
|
|
build
|
|
|
|
//请求来源
|
|
.AllowAnyOrigin()
|
|
//.WithOrigins(corsOption.Origins.ToArray())
|
|
//.SetIsOriginAllowed(_ => true)
|
|
//.SetIsOriginAllowedToAllowWildcardSubdomains()
|
|
|
|
//请求方法(POST GET PUT DELETE OPTIONS等)
|
|
.AllowAnyMethod()
|
|
//.WithMethods(corsOption.Methods.ToArray())
|
|
|
|
//请求头
|
|
.AllowAnyHeader()
|
|
//.WithHeaders(corsOption.Headers.ToArray())
|
|
|
|
//凭据
|
|
//.AllowCredentials()
|
|
//.DisallowCredentials()
|
|
|
|
//.WithExposedHeaders()
|
|
;
|
|
});
|
|
});
|
|
|
|
return services;
|
|
}
|
|
|
|
/// <summary>
|
|
/// 测试
|
|
/// </summary>
|
|
private IServiceCollection AddCors_Test(IServiceCollection services)
|
|
{
|
|
services.AddCors(setup =>
|
|
{
|
|
setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
|
|
{
|
|
build
|
|
|
|
//请求来源
|
|
.AllowAnyOrigin()
|
|
//.WithOrigins()
|
|
//.SetIsOriginAllowed(_ => true)
|
|
//.SetIsOriginAllowedToAllowWildcardSubdomains()
|
|
|
|
//请求方法(POST GET PUT DELETE OPTIONS等)
|
|
.AllowAnyMethod()
|
|
//.WithMethods()
|
|
|
|
//请求头
|
|
.AllowAnyHeader()
|
|
//.WithHeaders()
|
|
|
|
//凭据
|
|
//.AllowCredentials()
|
|
//.DisallowCredentials()
|
|
|
|
//.WithExposedHeaders()
|
|
;
|
|
});
|
|
});
|
|
|
|
return services;
|
|
}
|
|
|
|
private IServiceCollection AddCors_Single(IServiceCollection services)
|
|
{
|
|
services.AddCors(setup =>
|
|
{
|
|
setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
|
|
{
|
|
build
|
|
|
|
//请求来源
|
|
.AllowAnyOrigin()
|
|
//.WithOrigins()
|
|
//.SetIsOriginAllowed(_ => true)
|
|
//.SetIsOriginAllowedToAllowWildcardSubdomains()
|
|
|
|
//请求方法(POST GET PUT DELETE OPTIONS等)
|
|
//.AllowAnyMethod()
|
|
//.WithMethods()
|
|
|
|
//请求头
|
|
//.AllowAnyHeader()
|
|
//.WithHeaders()
|
|
|
|
//凭据
|
|
//.AllowCredentials()
|
|
//.DisallowCredentials()
|
|
|
|
//.WithExposedHeaders()
|
|
;
|
|
});
|
|
});
|
|
|
|
return services;
|
|
}
|
|
|
|
private IServiceCollection AddCors_All(IServiceCollection services)
|
|
{
|
|
services.AddCors(setup =>
|
|
{
|
|
setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
|
|
{
|
|
build
|
|
.AllowAnyOrigin()
|
|
.AllowAnyMethod()
|
|
.AllowAnyHeader()
|
|
;
|
|
});
|
|
});
|
|
|
|
return services;
|
|
}
|
|
|
|
private IServiceCollection AddCors_3(IServiceCollection services)
|
|
{
|
|
services.AddCors(setup =>
|
|
{
|
|
var corsOption = services.BuildServiceProvider().GetRequiredService<IOptionsSnapshot<CorsOption>>().Value;
|
|
setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
|
|
{
|
|
build
|
|
.WithOrigins(corsOption.Origins.ToArray())
|
|
.WithMethods(corsOption.Methods.ToArray())
|
|
.WithHeaders(corsOption.Headers.ToArray())
|
|
.WithExposedHeaders(corsOption.ExposedHeaders.ToArray());
|
|
});
|
|
});
|
|
|
|
return services;
|
|
}
|
|
|
|
private IServiceCollection AddCors_4(IServiceCollection services)
|
|
{
|
|
services.AddCors(setup =>
|
|
{
|
|
setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, build =>
|
|
{
|
|
build.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().WithExposedHeaders("x-custom-error");
|
|
});
|
|
});
|
|
return services;
|
|
}
|
|
|
|
private IServiceCollection AddCors_5(IServiceCollection services)
|
|
{
|
|
services.AddCors(setup =>
|
|
{
|
|
var corsOption = services.BuildServiceProvider().GetRequiredService<IOptionsSnapshot<CorsOption>>().Value;
|
|
setup.AddPolicy(CorsPolicyNameConst.DefaultPolicyName, builder =>
|
|
{
|
|
builder
|
|
////.SetIsOriginAllowedToAllowWildcardSubdomains()
|
|
.WithOrigins("http://localhost:5002")
|
|
//.AllowAnyMethod()
|
|
////.WithMethods(corsOption.Methods.ToArray())
|
|
//.AllowAnyHeader()
|
|
////.WithHeaders(corsOption.Headers.ToArray())
|
|
////.WithExposedHeaders(corsOption.ExposedHeaders.ToArray())
|
|
;
|
|
});
|
|
});
|
|
|
|
return services;
|
|
}
|
|
}
|
|
}
|