Nonsense:
Used to look at others blog, but even comments are too lazy to give one, so the heart has guilt, began to write something. I am not a coder born, just see more, understand some, understand some ideas, do not coding, also will see the change of words recorded down. Having recently learned about the pipeline of ASP. NET core, I have known cors and this article is to translate the Microsoft Knowledge Document about Cors in your own words.
Body:
Reference:
Https://docs.microsoft.com/en-us/aspnet/core/security/cors
CORS (cross Origin Resource sharing) is a way to share across domains, due to the limitations of browser "Same-origin" (homologous policy), which is produced in practical application, the same as the world standard
As for what is Same-origin:
- Protocols, such as HTTP, HTTPS, file, etc.
- domains, such as www.baiud.com
- Same port
How to use Cors
use method One : Global application
. NET core cors module in Microsoft.AspNetCore.Cors's NuGet package
Configuring Cors in Services and middleware in ASP.
To add a reference:
Using Microsoft.AspNetCore.Cors
Startup.cs
public void Configurationservices (iservicecollection services) { services. Addcors ()}public void Configure (Iapplicationbuilder app,ihostingenviroment env,iloggerfactory loggerfactory) {app. Usecors (builder=> Builder. Withorigins ("http://localhost:5000");}
Attention:
- Addcors () takes precedence over any other service
- Builder. Withorigins (URL) parameter cannot end with '/'
- Builder has some chain method, which is used for filtering requests and can be consulted on its own
use method two : Name using
Define one or more cors policies to use in attribute based on the name of the policy on the Controller, class, function, etc.
Startup.cs
public void Configureservices (iservicecollection services) { services. Addcors (options = options. Addpolicy ("Allowaorigin", builder = Builder. Withorigins ("http://example.com")); Options. Addpolicy ("Allowborigin", builder = Builder. Withorigins ("http://example.com"))}); } public void Configure (Iapplicationbuilder app, Ihostingenvironment env, Iloggerfactory loggerfactory) {app. Usecors ("Allowaorigin");} If you are an MVC APP, you only need the add service and you don't need to configure middleware
Using Cors in attribute
[HttpGet] [Enablecors ("Allowspecificorigin")]public ienumerable<string> Get () { return new string[] {"Value1", " Value2 "};}
Restrict all controllers
public void Configureservices (iservicecollection services) { services. Addmvc (); Services. configure<mvcoptions> (options = options. Filters.add (New Corsauthorizationfilterfactory ("Allowaorigin")); });
Here the basic usage of cors is almost, the details of the site can be seen on the official website documents, English is good to read English documents. I'm not sure how this thing works in real projects, but I use it on the front and back of the separation.
CORS for Aspnetcore