CORS:凭据模式为'include‘

link之家

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

痴情的冲锋衣 · DLL搜索路径和DLL劫持-阿里云开发者社区· 2 年前 ·

纯真的石榴 · React 项目中使用 ...· 2 年前 ·

孤独的火龙果 · php ...· 2 年前 ·

英姿勃勃的伤疤 · 一篇教你代码同步 Github 和 ...· 3 年前 ·

腾讯云

开发者社区

文档意见反馈控制台

首页 TVP

文章/答案/技术大牛

发布

public static class WebApiConfig
    public static void Register(HttpConfiguration config)
        EnableCrossSiteRequests(config);
    private static void EnableCrossSiteRequests(HttpConfiguration config)
        var cors = new EnableCorsAttribute("*", "*", "*")
            SupportsCredentials = true
        config.EnableCors(cors);
}

public void Configuration(IAppBuilder app)
    HttpConfiguration config = new HttpConfiguration();
    ConfigureOAuth(app);
    WebApiConfig.Register(config);
    app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
    app.UseWebApi(config);
}

constructor(public http: HttpClient) {
public get(url: string = ''): Observable<any> {
    return this.http.get(url, { withCredentials: true });
}

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        // This Origin header you can see that in Network tab
        configuration.setAllowedOrigins(Arrays.asList("http:/url_1", "http:/url_2")); 
        configuration.setAllowedMethods(Arrays.asList("GET","POST"));
        configuration.setAllowedHeaders(Arrays.asList("content-type"));
        configuration.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and()...
}

if ('withCredentials' in xhr) {
 xhr.withCredentials = true;
}

var cors = require('cors');    
app.use(cors({credentials: true, origin: 'http://localhost:5000'}));

services.AddCors(o => {
    o.AddPolicy("AllowSetOrigins", options =>
        options.WithOrigins("https://localhost:xxxx");
        options.AllowAnyHeader();
        options.AllowAnyMethod();
        options.AllowCredentials();

5 个回答