lundi 1 février 2016

Cors Error with Cordova Web API 2

Everything was working until a few days ago, when my app broke. I do not know why it happened. I get this error:

XMLHttpRequest cannot load http://localhost:57859/token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4400' is therefore not allowed access.

So I changed the service like this (http://ift.tt/1afeAuh):

// Web API configuration entry point. The listing is truncated on the page: the rest of
// Register and the closing braces are not shown.
public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {

     // Web API configuration and services
     // EnableCors() with no argument only switches on Web API's CORS handling; the
     // allowed origins, headers and methods still come from [EnableCors] attributes on
     // controllers/actions (or from a default policy passed to this call).
     // NOTE(review): this covers requests routed through Web API. The /token endpoint
     // on this page is registered through UseOAuthAuthorizationServer in Startup, so
     // it is likely served by OWIN middleware and not affected by this setting. Confirm.
     config.EnableCors();

and on the controller:

// NOTE(review): the empty origins/headers strings look like "*" values lost in the page's
// formatting (methods still shows "*", and the error quoted below complains about a
// wildcard origin). Confirm against the real source.
// A wildcard origin cannot be combined with credentialed requests: browsers reject
// "Access-Control-Allow-Origin: *" when the XHR sets withCredentials. If cookies or HTTP auth
// really must cross origins, list the exact trusted origin(s) here and set
// SupportsCredentials = true. Otherwise keep the policy non-credentialed and drop
// withCredentials on the client.
[EnableCors(origins: "", headers: "", methods: "*")]

And now I get a new error:

A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://localhost:4400' is therefore not allowed access.

How can I disable CORS in my project? Is it safe? I have heard that Cordova disables CORS automatically.

My code is

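    // Request an OAuth access token from the /token endpoint (password grant) and, on
    // success, store it in the client-side session before navigating to the bookings page.
    $.ajax({
        // NOTE(review): a synchronous XHR blocks the UI thread until the server answers.
        // Kept as in the original because code after this call may rely on it.
        async: false,
        type: "POST",
        crossDomain: true,
        dataType: "json",
        // withCredentials makes this a credentialed cross-origin request. Browsers refuse a
        // wildcard Access-Control-Allow-Origin on the response to such a request, which is the
        // second error quoted on this page. Either the server answers with the exact origin
        // plus Access-Control-Allow-Credentials: true, or this flag is dropped if the token
        // request does not depend on cookies. (The original listed this option and dataType
        // twice; duplicate keys are a syntax error in ES5 strict mode.)
        xhrFields: {
            withCredentials: true
        },
        // NOTE(review): plain http sends the password in clear text. Acceptable only for
        // local development; use https for any other endpoint.
        url: "http://localhost:57859/token",//Clouda.Settings.signInUrl
        // NOTE(review): hard-coded test credentials. When switching back to the commented-out
        // expression, wrap login and password in encodeURIComponent() so characters such as
        // '&' or '=' cannot alter the form body.
        data: "grant_type=password&username=mario&password=gitara",//"grant_type=password&username="+login+"&password="+password,
        success: function (data, textStatus, jqXHR) {
            // Create the session: its expiry is "now" plus the configured timeout.
            var now = new Date();
            var expirationDate = new Date();
            expirationDate.setTime(now.getTime() + Clouda.Settings.sesstionTimeoutInMSec);

            // The bearer token itself is stored as the session id.
            Clouda.Session.getInstance().set({
                userProfileModel: data['token_type'],
                sessionId: data['access_token'],
                expirationDate: expirationDate,
                keepSignedIn: me.$chkKeepSignedIn.is(":checked")
            });
            $.mobile.navigate(me.bookingsPageId);
        },
        error: function (xhr, ajaxOptions, thrownError) {
            // Debug output only: this shows the raw XHR object to the user.
            alert(JSON.stringify(xhr));
            alert(thrownError);
        }
    });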

and the authorization server:

using System; using Microsoft.Owin; using Microsoft.Owin.Security.OAuth; using Owin; using Clouda.Provider; using Microsoft.AspNet.Identity; using Microsoft.AspNet.Identity.EntityFramework; using Microsoft.AspNet.Identity.Owin; using Clouda.Models; using System.Web.Http.Cors;

[assembly: OwinStartup(typeof(Clouda.Startup))]

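namespace Clouda
{
    // NOTE(review): [EnableCors] is a Web API attribute read for controllers and actions.
    // On the OWIN Startup class it is most likely never evaluated, so it would not add CORS
    // headers to the /token endpoint configured below. Confirm, then move the CORS policy to
    // where /token is actually served. The empty origins/headers strings look like "*" values
    // lost in the page's formatting; a wildcard origin cannot be used with credentialed
    // requests in any case.
    [EnableCors(origins: "", headers: "", methods: "*")]
    public class Startup
    {
        /// <summary>
        /// OWIN entry point: registers the per-request EF context and user manager, then the
        /// OAuth authorization server (token endpoint) and bearer-token authentication.
        /// </summary>
        /// <param name="app">The OWIN application builder to configure.</param>
        public void Configuration(IAppBuilder app)
        {
            app.CreatePerOwinContext(() => new cloudAEntities());
            // The generic argument was stripped on the page; restored from CreateManager's signature.
            app.CreatePerOwinContext<UserManager<IdentityUser>>(CreateManager);

            // Token generation
            app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
            {
                // NOTE(review): lets the password grant run over plain http, so user passwords
                // and issued tokens travel unencrypted. Keep this for local development only.
                AllowInsecureHttp = true,
                TokenEndpointPath = new PathString("/token"),
                // NOTE(review): a 60-day bearer token stays usable for the whole period if it
                // leaks; no refresh or revocation mechanism is visible here. Consider a much
                // shorter lifetime.
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(60),
                Provider = new SimpleAuthorrizationServerProvider()
            });

            // Token consumption: validates bearer tokens on incoming requests.
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
            //app.UseWebApi(WebApiConfig.Register());
        }

        /// <summary>
        /// Factory for the per-request <see cref="UserManager{TUser}"/>, backed by the
        /// context instance registered in <see cref="Configuration"/>.
        /// </summary>
        /// <param name="options">Identity factory options (not used here).</param>
        /// <param name="context">The current OWIN context, used to resolve the EF context.</param>
        /// <returns>A user manager over a store bound to the per-request context.</returns>
        private static UserManager<IdentityUser> CreateManager(
            IdentityFactoryOptions<UserManager<IdentityUser>> options,
            IOwinContext context)
        {
            // Type arguments were stripped on the page. They are reconstructed from the
            // return type and from the cloudAEntities registration above. Confirm against
            // the real source.
            var userStore = new UserStore<IdentityUser>(context.Get<cloudAEntities>());
            var manager = new UserManager<IdentityUser>(userStore);
            return manager;
        }
    }
}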



