
In an ASP.NET MVC web app on .NET 4.7.1, when accessed in the Chrome browser, the request header has no Origin. The request header should have Origin set to the domain name.

When I access it the first time, it redirects to the login page for authentication, and neither request has Origin in its request header.

I have settings in my web.config that set Content-Security-Policy for default-src, object-src, connect-src, form-action, frame-ancestors, img-src, style-src, script-src, font-src, etc.
Whatever content URL in my app also has no Origin, or it is set to null.

<system.webServer>
    <httpProtocol>
        <customHeaders>
            <remove name="X-Powered-By" />
            <remove name="X-AspNet-Version" />
            <remove name="X-AspNetMvc-Version" />
            <add name="X-Frame-Options" value="SAMEORIGIN" />
            <add name="X-Xss-Protection" value="1; mode=block" />
            <add name="X-Content-Type-Options" value="nosniff" />
            <add name="Referrer-Policy" value="no-referrer" />
            <add name="X-Permitted-Cross-Domain-Policies" value="none" />
            <add name="X-UA-Compatible" value="IE=edge" />
            <add name="Content-Security-Policy" value="default-src 'self'; 
            object-src 'self'; 
            connect-src 'self' https://localhost:4111 ; 
            form-action 'self'; 
            frame-ancestors 'none'; 
            img-src 'self' https://*.bing https://*.virtualearth data:; 
            style-src 'self' 'unsafe-inline'  ; 
            script-src 'self' 'unsafe-inline' 'unsafe-eval' ; 
            font-src 'self'  data:;" />
            <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
            <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
        </customHeaders>
    </httpProtocol>
</system.webServer>

Please advise what I should do to have Origin set to the domain name.

The initial request to the home page, as well as the login request and subsequent content like CSS, JS etc., has no Origin in the request header, but this subsequent request has Origin set to the domain URL.

Why do the other requests at the initial stage not have any value for Origin? What can I do?
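The behaviour described in the question follows from how browsers decide whether to attach an Origin header at all. The following is an added example, not code from the question or from ASP.NET: it models the Fetch standard's "append a request Origin header" algorithm, which Chrome implements. The request objects, the `https://app.example` origin and the resource paths are constructed sample data; the `https://localhost:4111` endpoint is taken from the question's connect-src directive.

```javascript
// Added example, not code from the question or from ASP.NET: a model of the
// Fetch standard's "append a request Origin header" algorithm, which decides
// whether a browser sends an Origin header on a request and whether its value
// is the serialized origin or the literal string "null".
// All request objects below are constructed sample data, not captured traffic.

// Simplified "potentially trustworthy URL" check: https, or a loopback host.
function isTrustworthy(url) {
  const u = new URL(url);
  return u.protocol === 'https:' || u.hostname === 'localhost' || u.hostname === '127.0.0.1';
}

// req = { method, origin, url, mode, referrerPolicy }
//   mode: 'navigate' | 'no-cors' | 'same-origin' | 'cors' | 'websocket'
// Returns the Origin header value, or undefined when no header is sent.
function originHeaderFor(req) {
  const method = req.method.toUpperCase();
  const sameOrigin = new URL(req.url).origin === req.origin;
  // Response tainting is "cors" only for cross-origin requests in cors mode.
  const corsTainted = req.mode === 'cors' && !sameOrigin;

  // CORS and WebSocket requests always carry the serialized origin.
  if (corsTainted || req.mode === 'websocket') return req.origin;

  // Non-CORS GET/HEAD (page navigations, <link>/<script>/<img> loads) send no Origin at all.
  if (method === 'GET' || method === 'HEAD') return undefined;

  // Other methods (e.g. a login form POST) send Origin, but the page's
  // referrer policy can reduce the value to "null".
  switch (req.referrerPolicy) {
    case 'no-referrer':
      return 'null';
    case 'no-referrer-when-downgrade':
    case 'strict-origin':
    case 'strict-origin-when-cross-origin':
      return isTrustworthy(req.origin) && !isTrustworthy(req.url) ? 'null' : req.origin;
    case 'same-origin':
      return sameOrigin ? req.origin : 'null';
    default: // origin, origin-when-cross-origin, unsafe-url, or unset
      return req.origin;
  }
}

// Constructed requests mirroring the flow in the question; the app origin is a placeholder.
const APP = 'https://app.example';
const sampleRequests = {
  homeNavigation:      { method: 'GET',  origin: APP, url: `${APP}/`,                 mode: 'navigate', referrerPolicy: 'no-referrer' },
  stylesheet:          { method: 'GET',  origin: APP, url: `${APP}/Content/site.css`, mode: 'no-cors',  referrerPolicy: 'no-referrer' },
  loginPostNoReferrer: { method: 'POST', origin: APP, url: `${APP}/Account/Login`,    mode: 'navigate', referrerPolicy: 'no-referrer' },
  loginPostDefault:    { method: 'POST', origin: APP, url: `${APP}/Account/Login`,    mode: 'navigate', referrerPolicy: 'strict-origin-when-cross-origin' },
  corsApiCall:         { method: 'GET',  origin: APP, url: 'https://localhost:4111/api/data', mode: 'cors', referrerPolicy: 'no-referrer' },
};

// Evaluate every sample request and return { name: originHeaderValue }.
function originTable(requests = sampleRequests) {
  const out = {};
  for (const [name, req] of Object.entries(requests)) out[name] = originHeaderFor(req);
  return out;
}

console.table(originTable());
```

Two things the model makes visible: a same-origin GET navigation or subresource load never carries Origin, so its absence on the home page, CSS and JS requests is expected rather than a misconfiguration; and with the question's `Referrer-Policy: no-referrer` response header in effect, a same-origin POST such as the login form submission carries `Origin: null`, while a policy such as `strict-origin-when-cross-origin` yields the real origin. Server-side checks that rely on Origin should therefore be written for non-GET requests only and should account for the referrer policy the site itself sends.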
