IIS 10自动添加错误的CORS标头 [英] IIS 10 automatically adds wrong CORS header
问题描述
我已经在服务器上安装了IIS CORS模块.
I have installed IIS CORS moudule on the server.
在OPTIONS请求中,我得到了:
On the OPTIONS request I get :
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE
Access-Control-Allow-Origin: ### the actual good origin ###
Date: Fri, 13 Sep 2019 06:32:11 GMT
Server: Microsoft-IIS/10.0
Vary: Origin
X-Powered-By: ASP.NET
但是在POST请求中我得到了
But on the POST request I get
Access-Control-Allow-Origin: http://localhost/
Content-Length: 1216
Content-Type: application/json; charset=utf-8
Date: Fri, 13 Sep 2019 06:32:11 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
在Web配置中,我有
<cors enabled="true">
<add origin="### the actual good origin ###" allowCredentials="true" >
<allowHeaders allowAllRequestedHeaders="true" />
<allowMethods >
<add method="GET" />
<add method="HEAD" />
<add method="POST" />
<add method="PUT" />
<add method="DELETE" />
</allowMethods>
</add>
</cors>
我尝试调用的WebService是WCF Web服务.
The WebService I try to call is an WCF webservice.
如何在POST请求上禁用"localhost"标头?我既没有在web.config中也没有在IIS本身中设置任何静态标头
How can I disable the "localhost" header on the POST request? I am not setting anything static header, neither in web.config nor in IIS itself
推荐答案
我建议您尝试将 Global.asax 文件添加到WCF项目中,该文件用于解决CORS问题.
I suggest you try to add the Global.asax file to the WCF project, which is used to solve the CORS issue.
protected void Application_BeginRequest(object sender, EventArgs e)
{
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
{
HttpContext.Current.Response.AddHeader("Cache-Control", "no-cache");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With,Accept");
HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");
HttpContext.Current.Response.End();
}
或者,我们也可以在webconfig文件中对其进行配置.
Alternatively, we could also configure it in webconfig file.
protected void Application_BeginRequest(object sender, EventArgs e)
{
if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS")
{
Response.End();
}
}
Webconfig.
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<directoryBrowse enabled="true" />
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*"/>
<add name="Access-Control-Allow-Headers" value="content-type" />
<add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />
</customHeaders>
</httpProtocol>
</system.webServer>
请随时让我知道问题是否仍然存在.
Feel free to let me know if the problem still exists.
这篇关于IIS 10自动添加错误的CORS标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!