Benutzer:MovGP0/ASP.NET Core/CORS

aus Wikipedia, der freien Enzyklopädie
Zur Navigation springen Zur Suche springen
   MovGP0        Über mich        Hilfen        Artikel        Weblinks        Literatur        Zitate        Notizen        Programmierung        MSCert        Physik      
Programmierung
ASP.NET
Common

OWIN • Razor • WebForms • MVC • WebAPI

Core

Configuration • Data Protection API • Dependency Injection • Routing

Attack Vectors

HTTPS • HSTS • HPKP • CSP • CSRF • Anti-XSS • CORS • Open Redirection • Click-Jacking

Libraries

OpenID • Azure AD


Cross-Origin Resource Sharing

[Bearbeiten | Quelltext bearbeiten]
  • Allows AJAX calls to other domains that the domain where the JavaScript script was loaded from
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
    services.AddCors(options =>
    {
        options.AddPolicy("CorsPolicy", builder => builder
            .WithOrigins("http://example.com")
            .AllowAnyMethod()
            .AllowAnyHeader()
            .AllowCredentials());
    });
}


public void Configure(IApplicationBuilder app)
{
    app.UseCors(c => c.WithOrigins("http://example.com")); // default policy
    app.UseCors("CorsPolicy"); // named policy

    // ensure UseCors() is called before this
    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
}
  • use [EnableCors("CorsPolicy")] to enable policies on specific controllers.

Quellen

[Bearbeiten | Quelltext bearbeiten]

|}

Abgerufen von „https://de.wikipedia.org/w/index.php?title=Benutzer:MovGP0/ASP.NET_Core/CORS&oldid=237981474