GAE Flexible не возвращает правильные заголовки ответа с помощью CORS

Question

Использование Google App Engine для запуска приложения Angular, которое взаимодействует с .NET Core API. Однако у меня возникли проблемы с CORS.

.NET Core API работает на GAE Flexible со следующим OpenAPI.yaml:

# [START swagger]
swagger: "2.0"
info:
  description: "A simple Google Cloud Endpoints API example."
  title: "Endpoints Example"
  version: "1.0.0"
host: "myapi.appspot.com"
x-google-endpoints:
- name: "myapi.appspot.com"
  allowCors: "true"
# [END swagger]
consumes:
  - "application/json"
produces:
  - "application/json"
schemes:
  - "https"
paths:
  "/api/mailinglist":
    post:
      description: "Echo back a given message."
      operationId: "mailinglist"
      produces:
        - "application/json"
      responses:
        200:
          description: "Echo"
          schema:
            $ref: "#/definitions/echoMessage"
      parameters:
        -
          description: "Message to echo"
          in: body
          name: message
          required: true
          schema:
            $ref: "#/definitions/echoMessage"
definitions:
  echoMessage:
    type: "object"
    properties:
      message:
        type: "string"
  authInfoResponse:
    properties:
      id:
        type: "string"
      email:
        type: "string"

Я, очевидно, изменил свой фактический домен APIна myapi ...

Ниже приведены заголовки, которые отправляются / возвращаются. Что касается меня, я не могу понять, почему Access-Control-Allow-Origin вообще не отправляется.

И, наконец, мой код API:

public class Startup
{
    private readonly string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        services.AddCors(options =>
        {
            options.AddPolicy(MyAllowSpecificOrigins, builder =>
            {
                builder.AllowAnyOrigin().AllowAnyHeader();
            });
        });
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseHsts();
        }

        app.UseCors(MyAllowSpecificOrigins);

        app.UseHttpsRedirection();
        app.UseMvc();
    }
}

Есть идеи?

Answer 1

Решено.

В своем коде C # я забыл добавить AllowAnyMethod().

public class Startup
{
    private readonly string MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        services.AddCors(options =>
        {
            options.AddPolicy(MyAllowSpecificOrigins, builder =>
            {
                builder.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod();
            });
        });
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseHsts();
        }

        app.UseCors(MyAllowSpecificOrigins);

        app.UseHttpsRedirection();
        app.UseMvc();
    }
}