IIS 10自动添加错误的CORS标头 [英] IIS 10 automatically adds wrong CORS header

问题描述

我已经在服务器上安装了IIS CORS模块.

I have installed IIS CORS moudule on the server.

在OPTIONS请求中，我得到了:

On the OPTIONS request I get :

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE
Access-Control-Allow-Origin: ### the actual good origin ###
Date: Fri, 13 Sep 2019 06:32:11 GMT
Server: Microsoft-IIS/10.0
Vary: Origin
X-Powered-By: ASP.NET

但是在POST请求中我得到了

But on the POST request I get

Access-Control-Allow-Origin: http://localhost/
Content-Length: 1216
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Sep 2019 06:32:11 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET

在Web配置中，我有

  <cors enabled="true">
  <add origin="### the actual good origin ###" allowCredentials="true" >

    <allowHeaders allowAllRequestedHeaders="true" />
    <allowMethods >
        <add method="GET" />
        <add method="HEAD" />
        <add method="POST" />
        <add method="PUT" /> 
        <add method="DELETE" />         
    </allowMethods>
  </add>
</cors>

我尝试调用的WebService是WCF Web服务.

The WebService I try to call is an WCF webservice.

如何在POST请求上禁用"localhost"标头?我既没有在web.config中也没有在IIS本身中设置任何静态标头

How can I disable the "localhost" header on the POST request? I am not setting anything static header, neither in web.config nor in IIS itself

推荐答案

我建议您尝试将 Global.asax 文件添加到WCF项目中，该文件用于解决CORS问题.

I suggest you try to add the Global.asax file to the WCF project, which is used to solve the CORS issue.

protected void Application_BeginRequest(object sender, EventArgs e)
        {
            HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
            if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
            {
                HttpContext.Current.Response.AddHeader("Cache-Control", "no-cache");
                HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
                HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With,Accept");
                HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");
                HttpContext.Current.Response.End();
            }

或者，我们也可以在webconfig文件中对其进行配置.

Alternatively, we could also configure it in webconfig file.

        protected void Application_BeginRequest(object sender, EventArgs e)
        {
            if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS")
            {
                Response.End();
            }

        }

Webconfig.

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <directoryBrowse enabled="true" />
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*"/>
        <add name="Access-Control-Allow-Headers" value="content-type" />
        <add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>

请随时让我知道问题是否仍然存在.

Feel free to let me know if the problem still exists.

这篇关于IIS 10自动添加错误的CORS标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！