啓用Cors .web api核心1.1憑證

Question

我正在使用web api核心1.1和角度2. 我使用憑證，如每個HTTP請求的令牌和https。在Internet Explorer中啓動時一切正常，但使用chrome和firefox時，出現錯誤提取我的憑據和Http請求。有人可以告訴我爲什麼我會出錯嗎？感謝

public void ConfigureServices(IServiceCollection services) 
{ 
    ... 
    services.AddCors(opt => 
    { 
     opt.AddPolicy("MyCorsPolicy", builder => 
      builder.AllowAnyOrigin() 
      .AllowAnyMethod() 
      .AllowAnyHeader() 
      .AllowCredentials()); 
    }); 
    services.AddMvc(); 
    ... 
} 


public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) 
{ 
    ... 
    app.UseCors("MyCorsPolicy"); 
    app.UseMvc(); 
    ... 
} 

我NG2代碼：

import {Injectable, OnInit} from '@angular/core' 
import {Headers, Http, Response} from '@angular/http'; 
import {Observable} from 'rxjs/Observable'; 


@Injectable() 
export class MyApiCallService implements OnInit{ 

constructor(private http: Http) { } 

ngOnInit() { 
    this.fetchCredentials 
     .subscribe(c => this.token = c 
     ,error => { console.log(error) }); 
} 
private fetchCredentials(): Observable<any> { 

    var apiUrl = 'http://localhost:2762/api/someEndpoint'; 
    return this.http.get(apiUrl,{ withCredentials: true }) 
       .map(response => response.json()) 
       .catch(this.handleError); 
    } 

} 

Answer 1

默認情況下，它會清除所有自定義標頭。

你必須使用WithExposedHeaders("HeaderName")

例如：

 app.UseCors(options => 
    { 
     options.AllowAnyHeader(); 
     options.WithExposedHeaders("X-Pagination"); 
     options.AllowAnyOrigin(); 
     options.AllowAnyMethod(); 
    }); 

所以，當你將來自客戶端的HTTP調用，你就可以看到你的頭。