為所有控制器啟用 CORS 策略

Created: November-22, 2018

要在所有 MVC 控制器上啟用 CORS 策略，你必須在 ConfigureServices 方法中的 AddCors 擴充套件中構建策略，然後在 CorsAuthorizationFilterFactory 上設定策略

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Cors.Internal;
...
public void ConfigureServices(IServiceCollection services) {
    // Add AllowAll policy just like in single controller example.
    services.AddCors(options => {
        options.AddPolicy("AllowAll",
           builder => {
                builder.AllowAnyOrigin()
                       .AllowAnyMethod()
                       .AllowAnyHeader();
        });
    });

    // Add framework services.
    services.AddMvc();

    services.Configure<MvcOptions>(options => {
        options.Filters.Add(new CorsAuthorizationFilterFactory("AllowAll"));
    });
}

public void Configure(IApplicationBuilder app) {
    app.useMvc();
    // For content not managed within MVC. You may want to set the Cors middleware
    // to use the same policy.
    app.UseCors("AllowAll");
}

可以在控制器或操作的基礎上覆蓋此 CORS 策略，但這可以設定整個應用程式的預設值。