asp.net Webforms [WebMethod]端点上的CORS端点 [英] CORS endpoints on asp.net Webforms [WebMethod] endpoints
问题描述
我试图向Webforms风格的网络应用程序(.aspx和.asmx)添加一些 [WebMethod] 注释的端点函数。
我想用 [EnableCors] 注释那些端点,从而获得所有良好的ajax-预检功能。
VS2013接受注释,但端点不能与CORS一起播放。 (当使用同源但不是跨源时它们工作正常。)
我甚至不能让它们与向下和脏的函数交叉起源
HttpContext.Current.Response.AppendHeader(Access-Control-Allow-Origin,*);
方法 - 我的浏览器拒绝响应,并且不会显示跨源响应标题。
如何在这些 [WebMethod] 端点中获取CORS功能?
如果您需要预检请求,例如因此您可以发送已验证的请求,您将无法设置 Access-Control-Allow-Origin:* 。它必须是特定的原始域。
此外,还必须设置 Access-Control-Allow-Methods 和 Access-Control-Allow-Headers 响应头,如果你正在使用除默认值之外的任何东西。
CORS本身工作 - 这是它的定义。)
因此,仅仅引用 [EnableCors] 属性,您必须为参数设置值:
[EnableCors(origin:https: olliejones.com,标题:X-Custom-Header,方法:PUT,SupportsCredentials = true)]
或者如果你想手动和明确地做事情:
HttpContext.Current.Response.AppendHeader --Control-Allow-Origin,https://www.olliejones.com);
HttpContext.Current.Response.AppendHeader(Access-Control-Allow-Headers,X-Custom-Header);
HttpContext.Current.Response.AppendHeader(Access-Control-Allow-Methods,PUT);
HttpContext.Current.Response.AppendHeader(Access-Control-Allow-Credentials,true);最后一件事 - 你必须调用 .EnableCors() code>启动。在例如MVC或WebAPI,你会调用这个HttpConfiguration,当注册配置等等 - 但我不知道如何它与WebForms的工作。
I am trying to add some [WebMethod] annotated endpoint functions to a Webforms style web app (.aspx and .asmx).
I'd like to annotate those endpoints with [EnableCors] and thereby get all the good ajax-preflight functionality.
VS2013 accepts the annotation, but still the endpoints don't play nice with CORS. (They work fine when used same-origin but not cross-origin).
I can't even get them to function cross-origin with the down and dirty
HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Origin", "*");
approach -- my browsers reject the responses, and the cross-origin response headers don't appear.
How can I get CORS functionality in these [WebMethod] endpoints?
解决方案 If you need the preflight request, e.g. so you can send authenticated requests, you are not able to set Access-Control-Allow-Origin: *. It must be a specific Origin domain.
Also you must set the Access-Control-Allow-Methods and Access-Control-Allow-Headers response headers, if you are using anything besides the defaults.
(Note these constraints are just how CORS itself works - this is how it is defined.)
So, it's not enough to just throw on the [EnableCors] attribute, you have to set values to the parameters:
[EnableCors(origins: "https://www.olliejones.com", headers: "X-Custom-Header", methods: "PUT", SupportsCredentials = true)]
Or if you want to do things manually and explicitly:
HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Origin", "https://www.olliejones.com");
HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Headers", "X-Custom-Header");
HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Methods", "PUT");
HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Credentials", "true");
One last thing - you do have to call .EnableCors() on initiation. In e.g. MVC or WebAPI, you would call this on HttpConfiguration, when registering the config and such - however I have no idea how it works with WebForms.
这篇关于asp.net Webforms [WebMethod]端点上的CORS端点的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
