启用具有的WebAPI PUT / POST请求CORS？ [英] Enabling CORS with WebAPI PUT / POST requests?

问题描述

我试过下面这篇文章，但我还是不太有：

I've tried following this post but I'm still not quite there:

<一个href=\"http://stackoverflow.com/questions/12521499/cors-support-for-put-and-delete-with-asp-net-web-api\">CORS对PUT支持和的ASP.NET Web API 删除

在我的web.config我有以下几点：

In my web.config I have the following:

<system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <httpProtocol>
      <customHeaders>
        <!-- TODO: don't let anyone make requests - only approved clients -->
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Headers" value="Content-Type" />
        <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
      </customHeaders>
    </httpProtocol>
    <handlers>
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="WebDAV" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="WebDAVModule"/>
    </modules>
  </system.webServer>

但在铬，当我做一个POST请求我得到的不允许错误：

But in chrome when I make a POST request I get the Not Allowed error:

我的要求是这样的：

var request = $.ajax({
            async: true,
            url: apiEndpoint + 'api/login',
            type: 'POST',
            data: JSON.stringify(data),
            contentType: "application/json; charset=utf-8",
            dataType: 'json'
        })

apiEndpoint是本地主机，但在不同的端口上 - 客户端和API项目在不同的解决方案。

apiEndpoint is on localhost but on a different port - the client and api projects are in different solutions.

POST请求，最终使得其对服务器的方式，但我总是得到相关选项的错误，我从来没有得到保存到，因为它在客户端的cookie。

The POST request eventually makes its way to the server, but I always get an error related to OPTIONS and I never get a cookie saved to the client because of it.

我花了几个小时试图让与的WebAPI工作CORS：

I spent the last couple hours trying to get CORS with WebAPI working:

<一个href=\"https://aspnetwebstack.$c$cplex.com/wikipage?title=CORS%20support%20for%20ASP.NET%20Web%20API\">https://aspnetwebstack.$c$cplex.com/wikipage?title=CORS%20support%20for%20ASP.NET%20Web%20API

但导致猛拉我的一切了一些集版本的问题 - 希望有一个简单的解决方案。

But some assembly versioning issues led to me yanking everything out - hopefully there's a simpler solution.

推荐答案

POST，PUT，DELETE等使用pre-CORS档期。浏览器发送一个OPTIONS请求。既然你没有处理选项的操作方法，你得到一个405在其最简单的形式，你必须实现在您的控制器像这样的操作方法。

POST, PUT, DELETE, etc use pre-flighted CORS. The browser sends an OPTIONS request. Since you do not have an action method that handles OPTIONS, you are getting a 405. In its most simplest form, you must implement an action method like this in your controller.

public HttpResponseMessage Options()
{
    var response = new HttpResponseMessage();
    response.StatusCode = HttpStatusCode.OK;
    return response;
}

有一点要注意的是，您在web.config中配置的customHeaders将已经添加必要访问控制允许来源和访问控制允许的方法头。因此，操作方法不这样做。

One thing to note is that the customHeaders you have configured in web.config will already be adding the necessary Access-Control-Allow-Origin and Access-Control-Allow-Methods headers. So the action method is not doing the same.

在实施工程的控制器的操作方法，但未必是一个好的选择。一个更好的选择将是实施，这是否给你一个消息处理程序。一个更好的选择将是使用thinktecture身份模式，使CORS。 的Web API 2 CORS具有内置支持在（从ttidm拍摄）。

Implementing action method in controller works but may not be a good option. A better option will be to implement a message handler that does this for you. A much better option will be to use thinktecture identity model to enable CORS. Web API 2 has CORS support built-in (taken from ttidm).

这篇关于启用具有的WebAPI PUT / POST请求CORS？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！