【发布时间】:2015-06-03 10:51:16
【问题描述】:
我有一个自定义 cors 策略,如下所示,我将 support-credentials 设置为 false
public class CorsProviderFactory : ICorsPolicyProviderFactory
{
//https://msdn.microsoft.com/en-us/magazine/dn532203.aspx
public ICorsPolicyProvider GetCorsPolicyProvider(
HttpRequestMessage request)
{
return new CorsPolicyProviderCustom();
}
public class CorsPolicyProviderCustom : Attribute, ICorsPolicyProvider
{
private readonly CorsPolicy _policy;
public CorsPolicyProviderCustom()
{
// Create a CORS policy.
_policy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true,
AllowAnyOrigin = true,
SupportsCredentials = false
};
// Magic line right here
_policy.Origins.Add("*");
_policy.Methods.Add("*");
}
public Task<CorsPolicy> GetCorsPolicyAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
return Task.FromResult(_policy);
}
}
}
并像这样使用它:
public static HttpConfiguration Register()
{
var config = new HttpConfiguration();
config.SetCorsPolicyProviderFactory(new CorsProviderFactory());
config.EnableCors();
.................
}
但即便如此,在我看到的邮递员回复中,support-credentials 还是正确的
我怎样才能让支持凭据为假,断点确实到达了自定义策略部分,那么为什么它不起作用:(
【问题讨论】:
标签: angularjs asp.net-web-api asp.net-web-api2 owin