在Sharepoint 2013中启用CORS [英] Enable CORS in Sharepoint 2013

问题描述

我需要从各个Sharepoint域进行CORS，当然还要处理OPTIONS飞行前请求。
经过大量研究，我发现此解决方案（几乎）最适合我的需求。
修改global.asax可以让您处理多个域以及已传递的凭据以及OPTIONS的预检请求。

I need to make CORS from/to various Sharepoint domains, and of course handle the OPTIONS preflight request. After a lot of research I found that this solution is (almost) the best for my needs. Modify global.asax let you handle more than one domain with credentials passed, and the OPTIONS preflight request.

不好的一面是，按照建议应用它之后，您将无法再登录Sharepoint Designer。

The bad side is that after applying it as suggested, you can't login in Sharepoint Designer anymore.

我如下修改了global.asax，CORS可以，但是Sharepoint Designer没有。

I modified global.asax as below, CORS are ok, but Sharepoint Designer no.

public void Application_BeginRequest(object sender, EventArgs e) 
{
string httpOrigin = Request.Params["HTTP_ORIGIN"];
if (httpOrigin != null) 
{   
    HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", httpOrigin);
    HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
    HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-RequestDigest");
    HttpContext.Current.Response.AddHeader("Access-Control-Allow-Credentials", "true");

    if (Request.HttpMethod == "OPTIONS")
    {
        HttpContext.Current.Response.StatusCode = 200;
        var httpApplication = sender as HttpApplication;
        httpApplication.CompleteRequest();
    }
}    
}

我与Fiddler一起阅读了请求Sharepoint Designer可以做到，并且没有标题 Origin，所以我不知道它在哪里失败。
当我尝试登录Sharepoint Designer时，总是得到401作为响应。

I read with Fiddler the request that Sharepoint Designer does and there's not the header 'Origin' so I don't know where's it fails. When I try to login in Sharepoint Designer, I get always 401 as response.

有人知道如何解决吗？谢谢

Is there someone that knows how to resolve? Thanks

推荐答案

您可以如下更改条件。

You can change your condition as below. It works well.

    protected void Application_BeginRequest(Object sender, EventArgs e)
    {

        HttpContext InRequest = HttpContext.Current;

        string OldPath = InRequest.Request.Path.ToLower();

        if (OldPath.Contains("myservice.svc"))
        {

            string httpOrigin = Request.Params["HTTP_ORIGIN"];
            HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", httpOrigin);
            HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods",
                "GET, POST, PUT, DELETE, OPTIONS");
            HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers",
                "Origin, X-Requested-With, Content-Type, Accept, X-Token");
            HttpContext.Current.Response.AddHeader("Access-Control-Allow-Credentials", "true");

            if (Request.HttpMethod == "OPTIONS")
            {
                HttpContext.Current.Response.StatusCode = 200;
                var httpApplication = sender as HttpApplication;
                httpApplication.CompleteRequest();
            }
        }

    }

这篇关于在Sharepoint 2013中启用CORS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！