Chrome throws CORS error when calling https from http, and ASP Core does not send CORS header


Is a request considered CORS if it is between addresses in the same domain with a different protocol?

Because of the code 401 in the console:

XMLHttpRequest cannot load https://xxx.yyy.com/appname/css/left-pane-menu.component.min.css. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://xxx.yyy.com' is therefore not allowed access. The response had HTTP status code 401.

On the one hand, ASP Core does not send CORS headers for the same origin; on the other, Chrome does not accept a request from another protocol. Wow.

What are my options besides calling the resources with the same protocol? I can't do that. I need to call https, because an Azure enterprise proxy setting misleads the site into thinking it is called over http when it is called over https, so the base URL tag in the HTML is set to http://xxx.yyy.com/myapp, and Chrome throws that it cannot access insecure resources over a secure connection.

My Startup.cs looks like this:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddCors();

        services.AddMvc()
            .AddJsonOptions(x =>
            {
                x.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
            });
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        app.UseCors(c =>
            c
            .AllowAnyOrigin()
            .AllowAnyMethod()
            .AllowAnyHeader()
            .AllowCredentials()
        );

        app.UseResponseCompression();

        app.UseStaticFiles(new StaticFileOptions());

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
            routes.MapSpaFallbackRoute("spa-fallback", new { controller = "Home", action = "Index" });
        });
    }

You'd need to set up CORS for that, because https://xxx.yyy.com and http://xxx.yyy.com are treated as different origins.

The reason behind it is that different ports are classified as different origins, and http runs on port 80 and https on 443.

Some browsers treat this differently, i.e. Internet Explorer did (or used to, not sure if it is still true in new versions) treat different ports as the same origin; Firefox and Chrome don't (which is the correct behavior according to the specs).

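    // In ConfigureServices: register the named policy
    services.AddCors(options =>
    {
        options.AddPolicy("yyyorigin", policyBuilder =>
        {
            policyBuilder
                // need to specify both
                .WithOrigins("https://xxx.yyy.com", "http://xxx.yyy.com")
                .AllowAnyMethod()
                .AllowAnyHeader();
        });
    });

    // In Configure, before UseStaticFiles and UseMvc: apply the policy
    app.UseCors("yyyorigin");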
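
The origin comparison discussed above, together with an exact-match allowlist of the kind the `WithOrigins` call expresses, as an added example that is not part of the original question or answer and is not ASP.NET Core's own code. The function names `originOf`, `isCrossOrigin` and `corsHeadersFor` are hypothetical, and the hostnames are the placeholders from the question.

```javascript
// Added example. An origin is the (scheme, host, port) tuple, so a change of
// scheme alone is enough to make two URLs on the same host cross-origin.

// Serialize the origin of an http(s) URL. URL.origin lowercases the host and
// drops the scheme's default port, so https://host:443 equals https://host.
function originOf(url) {
  const u = new URL(url);
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    throw new Error("unsupported scheme: " + u.protocol);
  }
  return u.origin;
}

// True when the browser would treat a fetch from pageUrl to resourceUrl as
// cross-origin and therefore require CORS response headers to read it.
function isCrossOrigin(pageUrl, resourceUrl) {
  return originOf(pageUrl) !== originOf(resourceUrl);
}

// Exact-match allowlist (constructed from the two origins in the answer).
const ALLOWED_ORIGINS = new Set(["https://xxx.yyy.com", "http://xxx.yyy.com"]);

// Decide which CORS headers a response should carry for a given Origin
// request header. Whole-string comparison only: prefix, suffix or substring
// matching would also admit lookalike hosts and other ports.
function corsHeadersFor(originHeader, allowed = ALLOWED_ORIGINS) {
  if (typeof originHeader !== "string" || !allowed.has(originHeader)) {
    return {}; // no Access-Control-Allow-Origin: the browser blocks the read
  }
  return {
    "Access-Control-Allow-Origin": originHeader,
    // The response differs per Origin, so caches must key on it.
    "Vary": "Origin",
  };
}

// The situation from the question: page served over http, CSS over https.
const page = "http://xxx.yyy.com/myapp";
const css = "https://xxx.yyy.com/appname/css/left-pane-menu.component.min.css";
console.log(isCrossOrigin(page, css));            // cross-origin by scheme
console.log(corsHeadersFor(originOf(page)));      // allowlisted origin echoed back
```
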
