跨域问题
技术栈:VUE+AXIOS+ASP.NET CORE MVC 2.2
一、axios.js配置
import axios from 'axios'
//全局配置
//withCredentials可以让浏览器在请求不同域名时进行cookie的写入和携带
axios.defaults.withCredentials=true
//request请求拦截
//response响应拦截
export default axios
二、后端配置
2.2版本:
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy", policy =>
{
policy.WithOrigins("http://localhost:8080")
.AllowAnyHeader()
.AllowAnyMethod()
//.AllowAnyOrigin()
.AllowCredentials();
});
});
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
options.LoginPath = "/Account/login";
options.LogoutPath = "/Account/Logout";
options.AccessDeniedPath = "/Account/NoRight";
//主要此行代码同源策略模式
options.Cookie.SameSite = SameSiteMode.None;
});
services.AddMvc();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseCors("CorsPolicy");
app.UseAuthentication();
//app.UseHttpsRedirection();
app.UseStaticFiles();
//app.UseCookiePolicy();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
重点:options.Cookie.SameSite = SameSiteMode.None; 不加的话response中的set-cookies如下,会照成浏览器写不了cookie
.AspNetCore.Cookies=CfDJ8JMnGsfJXpBMhyp-7p4_e6o5hBUgvFeuKceUfGB_t9fzLdxAMKduJKHhU; path=/; secure; samesite=lax; httponly
1.1版本:
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
// 跨域请求设置
var urls = "http://localhost:8080/"; //
services.AddCors(options =>
options.AddPolicy("CorsPolicy",
builder => builder.WithOrigins(urls)
.AllowAnyMethod()
.AllowAnyHeader()
.AllowAnyOrigin()
.AllowCredentials()
));
// mvc设置
services.AddMvc();
// 身份验证
services.AddAuthorization();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
if (env.IsDevelopment())
{
app.UseBrowserLink();
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
}
app.UseStaticFiles();
// 身份验证
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "Cookie",
LoginPath = new PathString("/Account/Login")
});
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
通过以上配置生成response中的set-cookies如下
.AspNetCore.Cookie=CfDJ8JMnGsfJXpBMhyp-qKWbjsno9SFiUmrlVaigeLbzHCtmgVYWxp7-5GLokE; path=/; httponly