为所有控制器启用 CORS 策略

要在所有 MVC 控制器上启用 CORS 策略,你必须在 ConfigureServices 方法中的 AddCors 扩展中构建策略,然后在 CorsAuthorizationFilterFactory 上设置策略

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Cors.Internal;
...
public void ConfigureServices(IServiceCollection services) {
    // Add AllowAll policy just like in single controller example.
    services.AddCors(options => {
        options.AddPolicy("AllowAll",
           builder => {
                builder.AllowAnyOrigin()
                       .AllowAnyMethod()
                       .AllowAnyHeader();
        });
    });

    // Add framework services.
    services.AddMvc();

    services.Configure<MvcOptions>(options => {
        options.Filters.Add(new CorsAuthorizationFilterFactory("AllowAll"));
    });
}

public void Configure(IApplicationBuilder app) {
    app.useMvc();
    // For content not managed within MVC. You may want to set the Cors middleware
    // to use the same policy.
    app.UseCors("AllowAll");
}

可以在控制器或操作的基础上覆盖此 CORS 策略,但这可以设置整个应用程序的默认值。