在 IIS7 上启用跨域资源共享
我最近遇到了将 Javascript 请求发布到另一个域的问题.默认情况下,不允许将 XHR 发布到其他域.
按照
解决方案这可能是 IIS 7处理"HTTP OPTIONS 响应而不是您的应用程序指定它的情况.为了确定这一点,在 IIS7 中,
转到您网站的处理程序映射.
向下滚动到OPTIONSVerbHandler".
将ProtocolSupportModule"更改为IsapiHandler"
设置可执行文件:%windir%Microsoft.NETFrameworkv4.0.30319aspnet_isapi.dll
现在,当发送 HTTP OPTIONS 动词时,上面的配置条目应该会启动.
您也可以在 BeginRequest 方法中响应 HTTP OPTIONS 动词.
protected void Application_BeginRequest(object sender,EventArgs e){HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");if(HttpContext.Current.Request.HttpMethod == "选项"){//这些标头正在处理浏览器发送的飞行前" OPTIONS 调用HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000" );HttpContext.Current.Response.End();}}I recently ran into with posting Javascript requests to another domain. By default XHR posting to other domains is not allowed.
Following the instructions from http://enable-cors.org/, I enabled this on the other domain.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
Everything works fine now, however it is still return a 405 response before sending back the working 200 response.
Request URL:http://testapi.nottherealsite.com/api/Reporting/RunReport
Request Method:OPTIONS
Status Code:405 Method Not Allowed
Request Headersview source
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Access-Control-Request-Headers:origin, content-type, accept
Access-Control-Request-Method:POST
Connection:keep-alive
Host:testapi.nottherealsite.com
Origin:http://test.nottherealsite.com
Referer:http://test.nottherealsite.com/Reporting
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
Response Headersview source
Access-Control-Allow-Headers:Content-Type
Access-Control-Allow-Methods:GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Origin:*
Allow:POST
Cache-Control:private
Content-Length:1565
Content-Type:text/html; charset=utf-8
Date:Tue, 18 Sep 2012 14:26:06 GMT
Server:Microsoft-IIS/7.5
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET
Update: 3/02/2014
There is a recently updated article in MSDN magazine. Detailing CORS Support in ASP.NET Web API 2.
http://msdn.microsoft.com/en-us/magazine/dn532203.aspx
解决方案It is likely a case of IIS 7 'handling' the HTTP OPTIONS response instead of your application specifying it. To determine this, in IIS7,
Go to your site's Handler Mappings.
Scroll down to 'OPTIONSVerbHandler'.
Change the 'ProtocolSupportModule' to 'IsapiHandler'
Set the executable: %windir%Microsoft.NETFrameworkv4.0.30319aspnet_isapi.dll
Now, your config entries above should kick in when an HTTP OPTIONS verb is sent.
Alternatively you can respond to the HTTP OPTIONS verb in your BeginRequest method.
protected void Application_BeginRequest(object sender,EventArgs e)
{
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
if(HttpContext.Current.Request.HttpMethod == "OPTIONS")
{
//These headers are handling the "pre-flight" OPTIONS call sent by the browser
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000" );
HttpContext.Current.Response.End();
}
}
相关文章