具有多个域的访问控制允许来源 [英] Access-control-allow-origin with multiple domains
本文介绍了具有多个域的访问控制允许来源的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
在我的 web.config 中,我想为 access-control-allow-origin
指令指定多个域.我不想使用 *
.我试过这种语法:
In my web.config I would like to specify more than one domain for the access-control-allow-origin
directive. I don't want to use *
. I've tried this syntax:
<add name="Access-Control-Allow-Origin" value="http://localhost:1506, http://localhost:1502" />
这个
<add name="Access-Control-Allow-Origin" value="http://localhost:1506 http://localhost:1502" />
这个
<add name="Access-Control-Allow-Origin" value="http://localhost:1506; http://localhost:1502" />
还有这个
<add name="Access-Control-Allow-Origin" value="http://localhost:1506" />
<add name="Access-Control-Allow-Origin" value="http://localhost:1502" />
但它们都不起作用.什么是正确的语法?
but none of them work. What is the correct syntax ?
推荐答案
只能有一个 Access-Control-Allow-Origin
响应头,并且该头只能有一个 origin 值.因此,为了让它工作,你需要一些代码:
There can only be one Access-Control-Allow-Origin
response header, and that header can only have one origin value. Therefore, in order to get this to work, you need to have some code that:
- 获取
Origin
请求标头. - 检查原始值是否是列入白名单的值之一.
- 如果有效,则使用该值设置
Access-Control-Allow-Origin
标头.
- Grabs the
Origin
request header. - Checks if the origin value is one of the whitelisted values.
- If it is valid, sets the
Access-Control-Allow-Origin
header with that value.
我不认为仅通过 web.config 就可以做到这一点.
I don't think there's any way to do this solely through the web.config.
if (ValidateRequest()) {
Response.Headers.Remove("Access-Control-Allow-Origin");
Response.AddHeader("Access-Control-Allow-Origin", Request.UrlReferrer.GetLeftPart(UriPartial.Authority));
Response.Headers.Remove("Access-Control-Allow-Credentials");
Response.AddHeader("Access-Control-Allow-Credentials", "true");
Response.Headers.Remove("Access-Control-Allow-Methods");
Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
}
这篇关于具有多个域的访问控制允许来源的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文