为所有控制器启用 CORS 策略
要在所有 MVC 控制器上启用 CORS 策略,你必须在 ConfigureServices 方法中的 AddCors 扩展中构建策略,然后在 CorsAuthorizationFilterFactory
上设置策略
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Cors.Internal;
...
public void ConfigureServices(IServiceCollection services) {
// Add AllowAll policy just like in single controller example.
services.AddCors(options => {
options.AddPolicy("AllowAll",
builder => {
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
});
});
// Add framework services.
services.AddMvc();
services.Configure<MvcOptions>(options => {
options.Filters.Add(new CorsAuthorizationFilterFactory("AllowAll"));
});
}
public void Configure(IApplicationBuilder app) {
app.useMvc();
// For content not managed within MVC. You may want to set the Cors middleware
// to use the same policy.
app.UseCors("AllowAll");
}
可以在控制器或操作的基础上覆盖此 CORS 策略,但这可以设置整个应用程序的默认值。