不允许使用 CORS 405 方法 [英] CORS 405 Method Not Allowed
问题描述
我一直在关注 Mozilla 文章,了解如何设置我的网站以允许 跨站点脚本请求.使用 IIS 管理器,我添加了以下 HTTP 响应标头
I have been following the Mozilla article on how to set up my website to allow Cross-site scripting requests. Using IIS Manager I have added the following HTTP Response Headers
Access-Control-Allow-Origin : *
Access-Control-Allow-Headers : Origin, SecurityPrivateKeyID
Access-Control-Allow-Methods : GET, POST, PUT, DELETE, OPTIONS
尽管如此,当我的浏览器(Firefox 和 Chrome)发送带有自定义 SecurityPrivateKeyID
标头的飞行前请求时,我不断收到 405 Method Not Allowed
.
Despite this I keep getting a 405 Method Not Allowed
when my browsers (Firefox and Chrome) send the pre-flight request with a custom SecurityPrivateKeyID
header.
请求
OPTIONS /Service/Json/User.svc/ HTTP/1.1
Host: serviceprovider.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://client.com
Access-Control-Request-Method: GET
Access-Control-Request-Headers: securityprivatekeyid
Connection: keep-alive
回应
HTTP/1.1 405 Method Not Allowed
Allow: GET
Content-Length: 1565
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/8.0
access-control-allow-origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Origin, SecurityPrivateKeyID
Date: Sat, 23 Mar 2013 08:35:03 GMT
直接在 http://serviceprovider.com/Service/Json/User.svc/
访问时服务运行良好.
The service works fine when accessing directly at http://serviceprovider.com/Service/Json/User.svc/
.
关于我做错了什么有什么想法吗?
Any ideas on what I am doing wrong?
[注意我已将主机文件更改为在我的机器上指向 client.com 和 serviceprovider.com]
[note I have changed my hosts files to point client.com and serviceprovider.com at my machine]
[使用 JSONP 的解决方案不行,因为我的 Web 服务必须能够使用 POST、PUT 和 DELETE 方法]
[a solution using JSONP will not do as my web service must be able to consume POST, PUT and DELETE methos]
推荐答案
我的 IIS 8 实例是全新安装的,看来我需要对 Handler Mappings
My IIS 8 instance is fresh installation, it seems I needed to make some modifications to the Handler Mappings
如果任何建议的更改破坏了您现有的网站,最好备份 applicationhost.config 文件
In the event that any of the sugggested changes break your existing websites it's best to make a backup of the applicationhost.config file
- 导航到
C:WindowsSystem32inetsrvconfig
- 复制
applicationhost.config
删除未使用的处理程序
作为起点,我删除了所有未使用的处理程序映射以减少问题空间.您可以通过直接修改 applicationhost.config
或使用 IIS 管理器来完成此操作
Remove Unused Handlers
As a starting point I removed all unused Handler Mappings to reduce the problem space. You can do this by modifying the applicationhost.config
directly or by using IIS Manager
- 打开 IIS 管理器
- 在服务器节点或单个网站节点上选择处理程序映射功能
- 手动删除所有不需要的映射.
我的网站以服务为基础,仅依赖于静态文件和具有 .aspx
和 .svc
文件扩展名的文件.我还手动删除了整个配置文件中对 .NET 2.0
的所有引用.
My websites are heavily service based and just depend on static files and files with the .aspx
and .svc
files extensions. I also manually removed all references to .NET 2.0
throughout the configuration file.
这似乎是解决办法.
- 打开 IIS 管理器
- 在服务器节点或单个网站节点上选择处理程序映射功能
- 在左侧列中选择
添加模块映射
- 在
Add Module Mapping
对话框中使用以下值.请求路径
-*
模块
-ProtocolSupportModule
可执行文件
- [留空]名称
- [随便你]
- Open IIS Manager
- Either on the server node or the individual website node select the Handler Mappings feature
- In the lefthand column select
Add Module Mapping
- In the
Add Module Mapping
dialog use the following values.Request path
-*
Module
-ProtocolSupportModule
Executable
- [Leave blank]Name
- [Whatever you want]
- 在
Mapping
选项卡中,取消勾选Invoke handler only if request is mapped to
- 在
Verbs
选项卡中确保选择了OPTIONS
- 在
Access
选项卡中选择Script
- In the
Mapping
tab, unckeckInvoke handler only if request is mapped to
- In the
Verbs
tab ensureOPTIONS
is selected - In the
Access
tab selectScript
我生成的 Handlers 配置如下所示
My resulting Handlers configuration looks like this
<handlers accessPolicy="Read, Script">
<add name="OPTIONS" path="*" verb="OPTIONS" modules="ProtocolSupportModule" resourceType="Unspecified" />
<add name="svc-Integrated-4.0" path="*.svc" verb="*" type="System.ServiceModel.Activation.ServiceHttpHandlerFactory, System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
<add name="SecurityCertificate" path="*.cer" verb="GET,HEAD,POST" modules="IsapiModule" scriptProcessor="%windir%system32inetsrvasp.dll" resourceType="File" />
<add name="ISAPI-dll" path="*.dll" verb="*" modules="IsapiModule" resourceType="File" requireAccess="Execute" allowPathInfo="true" />
<add name="PageHandlerFactory-Integrated-4.0" path="*.aspx" verb="GET,HEAD,POST,DEBUG" type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
<add name="CGI-exe" path="*.exe" verb="*" modules="CgiModule" resourceType="File" requireAccess="Execute" allowPathInfo="true" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" responseBufferLimit="0" />
<add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" />
</handlers>
这篇关于不允许使用 CORS 405 方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!