
c# - ASP.NET MVC app on .NET 4.7.1 has origin set to null in request header or not found (but expected origin is set to domain u


When an ASP.NET MVC web app on .NET 4.7.1 is accessed in the Chrome browser, the request header has no origin. The request header should have origin set to the domain name.

When I access it the first time, it redirects to the login page for authentication, and both requests do not have an origin in their request header.

I have a setting in my web.config that sets Content-Security-Policy for default-src, object-src, connect-src, form-action, frame-ancestors, img-src, style-src, script-src, font-src, etc.
Any content URL in my app also has no origin, or it is set to null.

<system.webServer>
    <httpProtocol>
        <customHeaders>
            <remove name="X-Powered-By" />
            <remove name="X-AspNet-Version" />
            <remove name="X-AspNetMvc-Version" />
            <add name="X-Frame-Options" value="SAMEORIGIN" />
            <add name="X-Xss-Protection" value="1; mode=block" />
            <add name="X-Content-Type-Options" value="nosniff" />
            <add name="Referrer-Policy" value="no-referrer" />
            <add name="X-Permitted-Cross-Domain-Policies" value="none" />
            <add name="X-UA-Compatible" value="IE=edge" />
            <add name="Content-Security-Policy" value="default-src 'self'; 
            object-src 'self'; 
            connect-src 'self' https://localhost:4111 ; 
            form-action 'self'; 
            frame-ancestors 'none'; 
            img-src 'self' https://*.bing https://*.virtualearth data:; 
            style-src 'self' 'unsafe-inline'  ; 
            script-src 'self' 'unsafe-inline' 'unsafe-eval' ; 
            font-src 'self'  data:;" />
            <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
            <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
        </customHeaders>
    </httpProtocol>
</system.webServer>

Please advise what I should do to have origin set to the domain name.

The initial request to the home page, as well as the login and subsequent content like CSS, JS, etc., has no origin in the request header, but this subsequent request has origin set to the domain URL.

Why do other requests at the initial stage not have any value for origin? What can I do?
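
The following is an added example, not part of the original question: a simplified JavaScript model of the Fetch Standard rule that decides whether a browser attaches an `Origin` header, evaluated under the `Referrer-Policy: no-referrer` value from the posted web.config. The host `https://app.example`, the paths, and the function names are constructed for illustration.

```javascript
// Added example: simplified model of the Fetch Standard step
// "append a request Origin header". Not browser source code.
// Returns the Origin value sent, or undefined when no header is sent.
function originHeader({ method, pageOrigin, targetUrl, mode, referrerPolicy }) {
  const page = new URL(pageOrigin);
  const target = new URL(targetUrl);
  const sameOrigin = page.origin === target.origin;

  // Cross-origin CORS requests and WebSocket handshakes always carry Origin.
  if ((mode === "cors" && !sameOrigin) || mode === "websocket") return page.origin;

  // Any other GET or HEAD (navigations, CSS, JS, images) carries no Origin.
  const verb = method.toUpperCase();
  if (verb === "GET" || verb === "HEAD") return undefined;

  // Other methods carry Origin, but the referrer policy can blank it to "null".
  if (mode !== "cors") {
    switch (referrerPolicy) {
      case "no-referrer":
        return "null";
      case "no-referrer-when-downgrade":
      case "strict-origin":
      case "strict-origin-when-cross-origin":
        if (page.protocol === "https:" && target.protocol !== "https:") return "null";
        break;
      case "same-origin":
        if (!sameOrigin) return "null";
        break;
    }
  }
  return page.origin;
}

// Constructed sample requests; host and paths are placeholders.
const SITE = "https://app.example";
const SAMPLES = [
  ["home page navigation", { method: "GET", targetUrl: SITE + "/", mode: "navigate" }],
  ["stylesheet", { method: "GET", targetUrl: SITE + "/site.css", mode: "no-cors" }],
  ["login form POST", { method: "POST", targetUrl: SITE + "/login", mode: "navigate" }],
  ["fetch() to connect-src host", { method: "GET", targetUrl: "https://localhost:4111/", mode: "cors" }],
];

// Evaluate every sample under one referrer policy.
function report(referrerPolicy) {
  return SAMPLES.map(([name, req]) =>
    [name, originHeader({ ...req, pageOrigin: SITE, referrerPolicy }) ?? "(absent)"]);
}

console.log(report("no-referrer"));
```

Server-side checks that validate `Origin` therefore have to treat a missing header on GET and HEAD requests as normal rather than as a failure.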
