為所有控制器啟用 CORS 策略
要在所有 MVC 控制器上啟用 CORS 策略,你必須在 ConfigureServices 方法中的 AddCors 擴充套件中構建策略,然後在 CorsAuthorizationFilterFactory
上設定策略
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Cors.Internal;
...
public void ConfigureServices(IServiceCollection services) {
// Add AllowAll policy just like in single controller example.
services.AddCors(options => {
options.AddPolicy("AllowAll",
builder => {
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
});
});
// Add framework services.
services.AddMvc();
services.Configure<MvcOptions>(options => {
options.Filters.Add(new CorsAuthorizationFilterFactory("AllowAll"));
});
}
public void Configure(IApplicationBuilder app) {
app.useMvc();
// For content not managed within MVC. You may want to set the Cors middleware
// to use the same policy.
app.UseCors("AllowAll");
}
可以在控制器或操作的基礎上覆蓋此 CORS 策略,但這可以設定整個應用程式的預設值。