I have an ASP.NET Web Api 2.0 project with token authentication and everything done mainly following this article:
Token Based Authentication using ASP.NET Web API 2, Owin, and Identity, Bit Of Technology
But I am struggling to understand what exactly this line of code in my Startup.cs does:
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
This does not make the Web Api add the Access-Control-Allow-Origin header to my API responses, in other words it does not enable Cors in my Web Api (still trying to understand how to do this by the way). It does not even add it to my bearer token authentication server response. I have to have this code in my OAuthAuthorizationServerProvider:
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
    // ... (rest of the method not shown)
}
to enable Cors on my token provider end point responses.
So what is the use of this Microsoft.Owin.Cors middleware anyway? Because everywhere I read about Web Api 2.0 and Cors this line of code
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
comes up.
Thanks for following my tutorial.
This LOC
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
is used to enable CORS for the API itself (any controller inheriting from ApiController). But for the Authz server and the /token endpoint this has no effect, which is why I have to add
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
This endpoint is not part of the API and doesn't inherit from the ApiController class. Hope this answers your question.
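As an added example (not code from the post or the linked tutorial), here is one way to replace both CorsOptions.AllowAll and the hard-coded "*" on the token endpoint with an explicit origin allow-list. The CorsAllowList class name and the example.com origins are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using System.Web.Cors;
using Microsoft.Owin;
using Microsoft.Owin.Cors;
using Owin;

// Added example: CorsAllowList is a hypothetical helper, not part of the post.
public static class CorsAllowList
{
    // Constructed sample origins; list the front ends that really call the API.
    private static readonly HashSet<string> Origins = new HashSet<string>(
        new[] { "https://app.example.com", "https://admin.example.com" },
        StringComparer.OrdinalIgnoreCase);

    // Options for app.UseCors(...): only the listed origins, instead of AllowAll.
    public static CorsOptions BuildOptions()
    {
        var policy = new CorsPolicy { AllowAnyHeader = true, AllowAnyMethod = true };
        foreach (var origin in Origins) policy.Origins.Add(origin);
        return new CorsOptions
        {
            PolicyProvider = new CorsPolicyProvider
            {
                PolicyResolver = request => Task.FromResult(policy)
            }
        };
    }

    // For the token provider: echo the caller's Origin only when it is on the list.
    public static void Apply(IOwinContext context)
    {
        var origin = context.Request.Headers.Get("Origin");
        // Unknown or missing origin: send no CORS header, so the browser blocks the read.
        if (origin == null || !Origins.Contains(origin)) return;
        // Set (not Add) overwrites, so the header never carries two values.
        context.Response.Headers.Set("Access-Control-Allow-Origin", origin);
        // The response now depends on the request's Origin, so caches must key on it.
        context.Response.Headers.Append("Vary", "Origin");
    }
}

// In Startup.Configuration:            app.UseCors(CorsAllowList.BuildOptions());
// In GrantResourceOwnerCredentials:    CorsAllowList.Apply(context.OwinContext);
```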