web.api cors的404选项 [英] 404 for web.api cors OPTIONS

问题描述

我已经按照通常的步骤在web.api中启用了cors，但是在Chrome和Firefox中获得了对OPTIONS请求的404响应，我收到了跨源请求被阻止:同源政策不允许阅读https://api.mydomain.com/api/1/widgets上的远程资源.可以通过将资源移至同一域或启用CORS来解决此问题.

I've followed the usual steps for enabling cors in web.api, but get a 404 response to an OPTIONS request in Chrome and in Firefox I get Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.mydomain.com/api/1/widgets. This can be fixed by moving the resource to the same domain or enabling CORS.

在我的WebApiConfig.cs中，我得到了:

In my WebApiConfig.cs I've got:

var enableCorsAttribute = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(enableCorsAttribute);

我还尝试将 EnableCors 属性添加到特定的控制器或动作，并且所有属性都具有相同的结果.

I've also tried adding EnableCors attributes to the specific controllers or actions and all have the same result.

我还向我的web.config中添加了以下内容:

I've also added the following to my web.config:

<modules runAllManagedModulesForAllRequests="true">
  <remove name="WebDAVModule" />
</modules>
<handlers>
    <remove name="WebDAV" />
...

这是我的JavaScript:

Here is my javascript:

$.ajax({
    url: 'https://api.mydomain.com/api/1/widgets',
    type: "GET",
    headers: {
        Accept: "text/html; charset=utf-8",
        Authorization: 'Bearer ???????????????????????????????'
            }
        });

但是响应在Chrome中为404，在Firefox中为跨域请求已阻止".

But the response is 404 in Chrome and "Cross-Origin request Blocked" in Firefox.

以下是我的Chrome开发者工具栏上失败请求的详细信息:

Here are the details of the failing request from my chrome developer toolbar:

Remote Address:??.???.???.???:443
Request URL:https://api.mydomain.com/api/1/widgets
Request Method:OPTIONS
Status Code:404 Not Found

请求

OPTIONS /api/1/widgets HTTP/1.1
Host: api.mydomain.com
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://myotherdomain.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36
Access-Control-Request-Headers: accept, authorization
Accept: */*
Referer: http://myotherdomain.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-GB,en;q=0.8,en-US;q=0.6

响应

HTTP/1.1 404 Not Found
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: http://myotherdomain.com
Access-Control-Allow-Credentials: true
X-AspNetMvc-Version: 5.0
X-UA-Compatible: IE=edge,chrome=1
X-Frame-Options: SAMEORIGIN
Cache-conrol: no-store
Date: Thu, 28 Aug 2014 16:00:28 GMT
Content-Length: 341

我想念什么?

推荐答案

如果其他任何人都有相同的问题，则此问题是由于我们使用的是Microsoft出色的

In case anyone else has the same problem, this issue was due to the fact that we were using Microsoft's excellent UrlScan in IIS.

UrlScan具有 DenyVerbs 部分.确保允许使用选项动词.

UrlScan has an AllowVerbs section and a DenyVerbs section. Ensure that the options verb is allowed.

这篇关于web.api cors的404选项的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！