如何为ASP.NET允许CORS [英] how to allow CORS for ASP.NET
问题描述
我在尝试从JS / Ajax向我的WebAPI发出请求时遇到问题。在我的解决方案中,我有一个发布在srv02:2400上的Web API,我的网站是在srv02:2300上发布的
当我导航到页面 http:// srv02:2300 / all-requests.aspx ,该页面可以正常加载,除了应该来自我的API
,但我收到了错误消息:
XMLHttpRequest无法加载http:// srv02:2400 / api / requests / find / 1。对预检请求的响应未通过访问控制检查:所请求的资源上没有 Access-Control-Allow-Origin标头。因此,不允许访问来源 http:// srv02:2300。响应的HTTP状态代码为400。
但是,如果我使用url http:// srv02:2400 / api / requests / find / 1 并将其粘贴到浏览器中为我获取正确的JSON列表!。
我尝试在全球范围内启用CORS,因为建议此处:
- 安装软件包Microsoft.AspNet.WebApi.Cors
-
通过添加以下内容来更新WebApiConfig.cs:
var cors = new EnableCorsAttribute( http:// srv02:2400 , , );
config.EnableCors(cors);
但是,这没有用。
正如我之前提到的,我以Ajax的要求进行请求
$。ajax ({{
url: http:// srv02:2400 / api / requests / find / + id,
type: GET,
dataType:'json',
contentType:'application / json',
成功:函数(请求){
console.log('success');
},
错误:函数(err){
if(err){
console.log(err);
}
}
});
我尝试将json更改为jsonp,因为建议此处,但它不起作用。
关于如何在这里解决问题的任何想法。
谢谢!
您的全局属性看起来有误。 / p>
我认为您想改变两件事。
- 您的CORS网址应为您要允许的应用程序的网址(而不是您的apis网址),即
: 2300不是:2400。 - 您没有选择任何有效的标题和方法(动词)。您要么需要在此处使用特定的值,要么使用*(如果在全球范围内应用,则可能更有意义)。
例如,您想要以下内容:
var cors = new EnableCorsAttribute( http:// srv02:2300, *, * );
config.EnableCors(cors);
这应该指示浏览器(使用OPTIONS响应)是否要从<$调用此API c $ c> http:// srv02:2300 / * 带有任何动词或标题,没关系。如果另一个域尝试调用此API,则不会成功。
I have a problem trying to make a request from JS/Ajax to my WebAPI. In my solution I have a Web API that is published on srv02:2400 and my website that is published on srv02:2300
When I navigate to the page http://srv02:2300/all-requests.aspx, the page is loading fine except the data that is supposed to come form my API
and I am getting the error:
XMLHttpRequest cannot load http://srv02:2400/api/requests/find/1. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://srv02:2300' is therefore not allowed access. The response had HTTP status code 400.
However, If I take the url http://srv02:2400/api/requests/find/1 and paste it in a browser, it is getting me the correct JSON list!.
I tried to enable the CORS globally as it is recommended here in my API by:
- Installing the package Microsoft.AspNet.WebApi.Cors
Updating my WebApiConfig.cs by addding the following:
var cors = new EnableCorsAttribute("http://srv02:2400", "", ""); config.EnableCors(cors);
However, this did not work.
As I mentioned before, I am doing my request as Ajax reqeusts
$.ajax({
url: "http://srv02:2400/api/requests/find/" + id,
type: "GET",
dataType: 'json',
contentType: 'application/json',
success: function (requests) {
console.log('success');
},
error: function (err) {
if (err) {
console.log(err);
}
}
});
I tried to change json to jsonp as it is recommended here but it did not work.
Any idea of how to solve the problem here.
Thank you!
Your global attribute looks wrong.
I think you want two things to change.
- Your CORS url should be the URL of the application you want to allow (not your apis url) ie
:2300not:2400. - You have selected no valid headers and methods (verbs). You either need to use specific values here, or * (which probably makes more sense if you are applying this globally).
eg you want the following:
var cors = new EnableCorsAttribute("http://srv02:2300", "*", "*");
config.EnableCors(cors);
this should instruct browsers (using the OPTIONS response) that if they want to call this API from http://srv02:2300/* with any verbs or headers, its ok. If another domain tries to call this API it will not be ok.
这篇关于如何为ASP.NET允许CORS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
