Can't get past CORS

Rating: 0 | Answers: 0 | Published: 29.05.2023

Hi everyone. I can't figure out CORS, please help.

On the front end (Vue) I have the following axios settings:

instance.defaults.headers.common['Access-Control-Allow-Origin'] = process.env.VUE_APP_LOCAL_URL!
instance.defaults.headers.common['Access-Control-Allow-Credentials'] = 'true'
instance.defaults.headers.common['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS'
instance.defaults.headers.common['Access-Control-Allow-Headers'] = 'Origin, Content-Type, X-Auth-Token'
instance.defaults.xsrfCookieName = 'csrftoken'
instance.defaults.xsrfHeaderName = 'X-CSRFTOKEN'

On the backend (C#), the following:

const string corsPolicy = "corsPolicy";
builder.Services.AddCors(options =>
{
    options.AddPolicy(corsPolicy, policy =>
    {
        policy
             .AllowAnyHeader()
             .AllowAnyMethod()
             .SetIsOriginAllowed(origin => true)
             .AllowCredentials();
    });
});

Locally the problem doesn't show up. Everything works. But after publishing to the server, CORS errors pour in.

Local OPTIONS request headers:

:authority: localhost:62332
:method: OPTIONS
:path: /Authorization/GetToken
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: ru,en;q=0.9
access-control-request-headers: access-control-allow-credentials,access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,content-type
access-control-request-method: POST
origin: http://localhost:8080
referer: http://localhost:8080/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 YaBrowser/23.3.4.603 Yowser/2.5 Safari/537.36

Local OPTIONS response headers:

access-control-allow-credentials: true
access-control-allow-headers: access-control-allow-credentials,access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,content-type
access-control-allow-methods: POST
access-control-allow-origin: http://localhost:8080
date: Mon, 29 May 2023 14:53:31 GMT
server: Kestrel
vary: Origin

Local POST request headers:

:authority: localhost:62332
:method: POST
:path: /Authorization/GetToken
:scheme: https
accept: application/json, text/plain, */*
accept-encoding: gzip, deflate, br
accept-language: ru,en;q=0.9
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, X-Auth-Token
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: https://localhost:62332/
authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJVc2VySWQiOiI0OWIwNjY2ZS00M2Y2LWU5MTEtODExOS0wMDUwNTY4MjNmZjgiLCJuYmYiOjE2ODUzNzIwMDIsImV4cCI6MTY4NTQ1ODQwMn0.ogGrB7YRtheUNY7VR7Bhxx_0v-vgYMBKE3vqZZOG9gM
content-length: 40
content-type: application/json
origin: http://localhost:8080
referer: http://localhost:8080/
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "YaBrowser";v="23"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 YaBrowser/23.3.4.603 Yowser/2.5 Safari/537.36

Local POST response headers:

access-control-allow-credentials: true
access-control-allow-origin: http://localhost:8080
content-type: application/json; charset=utf-8
date: Mon, 29 May 2023 14:53:31 GMT
server: Kestrel
vary: Origin

OPTIONS request headers on the server:

Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en,ru;q=0.9,ru-RU;q=0.8,en-US;q=0.7
Access-Control-Request-Headers: access-control-allow-credentials,access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,content-type
Access-Control-Request-Method: POST
Connection: keep-alive
Host: 10.10.105.172:96
Origin: http://10.10.105.172:76
Referer: http://10.10.105.172:76/
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36

OPTIONS response headers on the server:

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: access-control-allow-credentials,access-control-allow-headers,access-control-allow-methods,access-control-allow-origin,authorization,content-type
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: http://10.10.105.172:76
Date: Mon, 29 May 2023 14:04:01 GMT
Server: Kestrel
Vary: Origin

POST request headers on the server (status code 401; a CORS error comes back in response to it):

Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate
Accept-Language: en,ru;q=0.9,ru-RU;q=0.8,en-US;q=0.7
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Authorization: Bearer *token here*
Connection: keep-alive
Content-Length: 37
Content-Type: application/json
Host: 10.10.105.172:96
Origin: http://10.10.105.172:76
Referer: http://10.10.105.172:76/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36

And the POST response headers on the server:

Date: Mon, 29 May 2023 14:04:01 GMT
Server: Kestrel
Transfer-Encoding: chunked

Answers

No answers yet.
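
An added example, not part of the original post: the browser's CORS checks, simplified from the Fetch standard, run over the response headers captured in the question to show which response fails and why. The function names and the `withCredentials = true` setting are assumptions made for this illustration.

```javascript
// Simplified from the Fetch standard's CORS checks; "*" wildcards for methods/headers are not modelled.
const lower = (h) => Object.fromEntries(Object.entries(h).map(([k, v]) => [k.toLowerCase(), v]));
const list = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);

// CORS check the browser applies to every cross-origin response (preflight and actual).
function corsCheck(origin, resHeaders, withCredentials) {
  const h = lower(resHeaders);
  const allow = h['access-control-allow-origin'];
  if (allow === undefined) return 'blocked: no Access-Control-Allow-Origin in response';
  if (allow === '*' && !withCredentials) return 'ok';
  if (allow !== origin) return `blocked: allowed origin ${allow} != ${origin}`;
  if (withCredentials && h['access-control-allow-credentials'] !== 'true') {
    return 'blocked: Access-Control-Allow-Credentials is not "true"';
  }
  return 'ok';
}

// Additional checks on the preflight (OPTIONS) response.
function preflightCheck(origin, method, requestedHeaders, resHeaders, withCredentials) {
  const base = corsCheck(origin, resHeaders, withCredentials);
  if (base !== 'ok') return base;
  const h = lower(resHeaders);
  const m = method.toLowerCase();
  const methodOk = ['get', 'head', 'post'].includes(m) || list(h['access-control-allow-methods']).includes(m);
  if (!methodOk) return `blocked: method ${method} not allowed`;
  const allowed = list(h['access-control-allow-headers']);
  const missing = list(requestedHeaders).filter((n) => !allowed.includes(n));
  return missing.length ? `blocked: headers not allowed: ${missing.join(', ')}` : 'ok';
}

// Values copied from the captures in the post; withCredentials = true is an assumption.
const ORIGIN = 'http://10.10.105.172:76';
const REQ_HEADERS = 'access-control-allow-credentials,access-control-allow-headers,' +
  'access-control-allow-methods,access-control-allow-origin,authorization,content-type';
const serverOptions = {
  'Access-Control-Allow-Credentials': 'true', 'Access-Control-Allow-Origin': ORIGIN,
  'Access-Control-Allow-Methods': 'POST', 'Access-Control-Allow-Headers': REQ_HEADERS,
};
const serverPost = { Date: 'Mon, 29 May 2023 14:04:01 GMT', Server: 'Kestrel', 'Transfer-Encoding': 'chunked' };
const localPost = { 'access-control-allow-credentials': 'true', 'access-control-allow-origin': 'http://localhost:8080' };

function diagnose() {
  return {
    serverPreflight: preflightCheck(ORIGIN, 'POST', REQ_HEADERS, serverOptions, true),
    serverPost: corsCheck(ORIGIN, serverPost, true),
    localPost: corsCheck('http://localhost:8080', localPost, true),
  };
}
console.log(diagnose());
```

With the captures from the post, the preflight passes and the deployed POST is blocked only because its 401 response carries no `Access-Control-Allow-Origin`, so the calling script sees a CORS failure instead of the 401. The `Access-Control-Allow-*` entries set in axios are response headers; sent on a request they only lengthen `Access-Control-Request-Headers`.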