A request by the implicit flow of SPA_Sample to ASP.NET Core Web API is not accepted.
daisukenishino2 opened this issue · comments
Requirement
Observed the problem that the request from implicit flow of SPA_Sample by jQuery doesn't accepted to the ASP.NET Core Web API. It seems that it is not a problem such as the token of authz header.
Because, I tested as follows for isolate problems to the ASP.NET Core Web API.
- SPA sent bearer token, then it's request isn't accepted.
- Sent bearer token from UWP, then it's request is accepted.
Currently, I think there is a possibility that the problem occurred by sent the request from URLs with hash fragments after getting token, or compatibility of jQuery and ASP.NET Core Web API.
There is possibility to resolve in the following.
- c# - How to enable CORS in ASP.NET Core - Stack Overflow
https://stackoverflow.com/questions/31942037/how-to-enable-cors-in-asp-net-core
UseCors
app.UseCors("MyPolicy");
AddCors
services.AddCors(o => o.AddPolicy("MyPolicy", builder =>
{
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
}));
EnableCors
[EnableCors("MyPolicy")]
Reference
Microsoft Docs
- Enable Cross-Origin Requests (CORS) in ASP.NET Core
https://docs.microsoft.com/en-us/aspnet/core/security/cors - ASP.NET Core でのクロス オリジン要求 (CORS) を有効にします。
https://docs.microsoft.com/ja-jp/aspnet/core/security/cors
MultiPurposeAuthSite
- https://github.com/OpenTouryoProject/MultiPurposeAuthSite/blob/develop/root/programs/MultiPurposeAuthSiteCore/MultiPurposeAuthSiteCore/Startup.cs#L210
- https://github.com/OpenTouryoProject/MultiPurposeAuthSite/blob/develop/root/programs/MultiPurposeAuthSiteCore/MultiPurposeAuthSiteCore/Startup.cs#L289
- https://github.com/OpenTouryoProject/MultiPurposeAuthSite/blob/develop/root/programs/MultiPurposeAuthSiteCore/MultiPurposeAuthSiteCore/Controllers/OAuth2EndpointController.cs#L69
There is possibility to resolve in the following.
SPA_Sample side problem.
jQuery version is old, etc.
ASP.NET Core Web API side problem.
There is a problem with WebApiCompatShim, etc.
This issue has been resolved.
However, we are working with Private repositories and this fix has not yet been merged.
reference:
- ResourceServerTemplatesの実装に着手した。 - OSSコンソーシアム
https://www.osscons.jp/jokums114-537/