使用服务器变量配置URL重写以支持多个来源 [英] Configure URL Rewrite using server variable to support multiple origins

问题描述

几天前，我正在处理CORS问题，需要支持多种来源.我进行了一些研究，发现了几篇文章，向我指出了这个出色的工具(URL重写).我按照Paco Zarate的提示在这里获得了想要的解决方案: Access-control-allow-网址重写.我还在这里找到了另一篇文章: http://www .carlosag.net/articles/enable-cors-access-control-allow-origin.cshtml 展示了如何在URL Rewrite中使用不同的配置方法来实现相同的解决方案.

I was dealing with CORS issue a couple days ago where I need to support multiple origins. I did some research and found a couple posts pointing me to this great tool (URL Rewrite). I got the solution I wanted following Paco Zarate tip here: Access-control-allow-origin with multiple domains using URL Rewrite. I also found another post here: http://www.carlosag.net/articles/enable-cors-access-control-allow-origin.cshtml showing me how to achieve the same solution with a different method of configuration within URL Rewrite.

Paco Zarate解决方案就像一个魅力.为什么我仍然要问问题?这只是出于学习目的.而且，我认为第二个发布配置会产生一个更优雅的我希望列入白名单的来源/域列表.为了便于维护，我可以转到重写地图"并查看我的所有AllowedOrigins.

Paco Zarate solution works like a charm. Why am I still asking question? It's just for learning purposes. And also I think the second post configuration yields a more elegant list of origins/domains I want to white-listed. For ease of maintainability I can just go to the Rewrite Maps and see all of my AllowedOrigins.

当尝试第二篇文章的解决方案时，我收到以下消息:浏览器调试器工具的控制台"选项卡下的ERR_CONNECTION_RESET.并且网络"标签下的请求标头显示已显示临时标头"

When attempted the second post's solution, I got this message: ERR_CONNECTION_RESET under Console tab of the browser debugger tool. And the request header under Network tab says "Provisional headers are shown"

非常感谢.

我的配置文件:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
    <httpErrors errorMode="Detailed" />
    <urlCompression doStaticCompression="true" doDynamicCompression="true" />
    <httpProtocol>
        <customHeaders>
            <add name="Access-Control-Allow-Headers" value="Origin, Content-Type, Accept" />
            <add name="Access-Control-Request-Method" value="POST" />
            <add name="Access-Control-Allow-Credentials" value="true" />
            <add name="Access-Control-Allow-Origin" value="http://localhost:8080" />
        </customHeaders>
    </httpProtocol>
    <rewrite>
        <rules>
            <rule name="Capture Origin Header"> 
        <match url=".*" /> 
        <conditions>
                    <add input="{HTTP_ORIGIN}" pattern=".+" /> 
        </conditions> 
        <serverVariables>
                    <set name="CAPTURED_ORIGIN" value="{C:0}" /> 
        </serverVariables> 
        <action type="None" /> 
        </rule>
            <rule name="Preflight Options" enabled="false" stopProcessing="true">
                <match url=".*" />
                <conditions>
                    <add input="{REQUEST_METHOD}" pattern="^OPTIONS$" />
                </conditions>
                <action type="CustomResponse" statusCode="200" statusReason="Preflight" statusDescription="Preflight" />
            </rule>
        </rules>
        <rewriteMaps>
            <rewriteMap name="AllowedOrigins">
                <add key="http://somedomain:8080" value="http://localhost:8080" />
            </rewriteMap>
        </rewriteMaps>
         <outboundRules> 
            <rule name="Set-Access-Control-Allow-Origin for known origins"> 
                <match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern=".+" negate="true" /> 
                <conditions> 
                    <add input="{AllowedOrigins:{CAPTURED_ORIGIN}}" pattern=".+" /> 
                </conditions> 
                <action type="Rewrite" value="{C:0}" /> 
            </rule> 
        </outboundRules> 
    </rewrite>
    <tracing>
        <traceFailedRequests>
            <add path="*">
                <traceAreas>
                    <add provider="WWW Server" areas="Rewrite" verbosity="Verbose" />
                </traceAreas>
                <failureDefinitions timeTaken="00:00:00" statusCodes="500" verbosity="Error" />
            </add>
        </traceFailedRequests>
    </tracing>
</system.webServer>

推荐答案

在尝试使用URL重写模块启用CORS时，我遇到了很多问题，经过大量的故障排除后，我发现对于IIS 7.5+，您可以使用IIS CORS模块: https://www.iis.net/downloads/microsoft/iis- cors-module

I had a lot of issues trying to use URL Rewrite module to enable CORS, after a lot of troubleshooting I found that for IIS 7.5+ you can use IIS CORS Module: https://www.iis.net/downloads/microsoft/iis-cors-module

您的web.config应该是这样的:

Your web.config should be something like this:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <cors enabled="true" failUnlistedOrigins="true">
            <add origin="http://localhost:8080" allowCredentials="true">
                <allowMethods>                    
                    <add method="POST" />
                </allowMethods>
            </add>
        </cors>
    </system.webServer>
</configuration>

您可以在此处找到配置参考:

You can find the configuration reference in here: https://docs.microsoft.com/en-us/iis/extensions/cors-module/cors-module-configuration-reference

这篇关于使用服务器变量配置URL重写以支持多个来源的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！