原产地的http：//本地主机不被访问控制允许来源允许 [英] Origin http://localhost is not allowed by Access-Control-Allow-Origin

问题描述

我想打电话从我的本地机器一个web服务。但我得到在Chrome控制台以下错误：结果
http://www.test.com/service.svc/api/?cid=1 405（不允许的方法）
XMLHtt prequest无法加载http://www.test.com/service.svc/api/?cid=1。结果
产地HTTP：//本地主机不会被允许访问控制允许来源

我的本地测试网址是：
HTTP：//localhost/welcome/html/index.html

当我上传我的code到实际的域，并呼吁从那里web服务，它ofcourse工作。

我已经试图改变访问控制头，但是这并不帮助。

 命名空间RestService公共服务类
    实现Iservice    公共职能GetProvinces（CID BYVAL作为字符串）作为AjaxControlToolkit.CascadingDropDownNameValue（）实现Iweddingservice.GetProvinces
        WebOperationContext.Current.OutgoingResponse.Headers.Add（访问控制允许的方法，删除，POST，GET，OPTIONS）
        WebOperationContext.Current.OutgoingResponse.Headers.Add（访问控制允许原产地，*）        昏暗的MyConnection的作为的SqlConnection =的getConnection（）
        昏暗CMD作为新的SqlCommand（SELECT provinceid，标题FROM省份CountryID = @ CountryID ORDER BY标题ASC，MyConnection的）
        cmd.Parameters.Add（新的SqlParameter（@ CountryID，CID））
        昏暗的值作为新的列表（中CascadingDropDownNameValue）
        尝试
            MyConnection.Open（）
            昏暗的读者作为SqlDataReader的= cmd.ExecuteReader
            虽然reader.Read
                values​​.Add（新CascadingDropDownNameValue（读卡器（称号）。的ToString，读者（provinceid）。的ToString））
            虽然结束
        抓住EX为例外        最后
            MyConnection.Close（）
        结束Try
        返回values​​.ToArray
    结束功能末级
最终命名空间
 

解决方案

对服务的请求，因为浏览器同源策略的失败。本地服务器在的http：//本地主机，而你正试图在 HTTP访问资源：//www.test.com/ 。这些都在不同的领域。所以它不会起作用。

这个问题的解决方法是使用访问控制允许来源和访问控制允许的方法 规范的一部分。你已经包括在这些响应头，但将没有任何好处，因为浏览器将作出的选项动词一个pre-飞行的要求，以验证是否允许调用。由于您的服务是不是能处理OPTIONS动词你看到一个405（不允许的方法）错误。

所以，如果你想要你的服务是从不同的域访问，那么你就必须修改WCF服务支持CORS。我会推荐此链接：<一个href=\"http://blogs.microsoft.co.il/blogs/idof/archive/2011/07/02/cross-origin-resource-sharing-cors-and-wcf.aspx\">http://blogs.microsoft.co.il/blogs/idof/archive/2011/07/02/cross-origin-resource-sharing-cors-and-wcf.aspx.通过使用此您可以在您现有的code没有变化使你的服务支持CORS。

I'm trying to call a webservice from my local machine. But the I get the following errors in Chrome console:
http://www.test.com/service.svc/api/?cid=1 405 (Method Not Allowed) XMLHttpRequest cannot load http://www.test.com/service.svc/api/?cid=1.
Origin http://localhost is not allowed by Access-Control-Allow-Origin.

My local test URL is: http://localhost/welcome/html/index.html

When I upload my code to the actual domain and call the webservice from there, it does work ofcourse.

I've already tried to change the access control headers, but that doesnt help.

Namespace RestService

Public Class service
    Implements Iservice

    Public Function GetProvinces(ByVal cid As String) As AjaxControlToolkit.CascadingDropDownNameValue() Implements Iweddingservice.GetProvinces
        WebOperationContext.Current.OutgoingResponse.Headers.Add("Access-Control-Allow-Methods", "DELETE, POST, GET, OPTIONS")
        WebOperationContext.Current.OutgoingResponse.Headers.Add("Access-Control-Allow-Origin", "*")

        Dim MyConnection As SqlConnection = GetConnection()
        Dim cmd As New SqlCommand("SELECT provinceid,title FROM provinces WHERE CountryID=@CountryID ORDER BY title ASC", MyConnection)
        cmd.Parameters.Add(New SqlParameter("@CountryID", cid))
        Dim values As New List(Of CascadingDropDownNameValue)
        Try
            MyConnection.Open()
            Dim reader As SqlDataReader = cmd.ExecuteReader
            While reader.Read
                values.Add(New CascadingDropDownNameValue(reader("title").ToString, reader("provinceid").ToString))
            End While
        Catch ex As Exception

        Finally
            MyConnection.Close()
        End Try
        Return values.ToArray
    End Function

End Class


End Namespace       

解决方案

The request to the service is failing because of browser same origin policy. Your local server is at http://localhost while you are trying to access a resource at http://www.test.com/. These are both at different domains. So it won't work.

The solution to this problem is to use the Access-Control-Allow-Origin and Access-Control-Allow-Methods, part of the CORS spec. You've included these in the response headers but that won't do any good because the browser will be making a pre-flight request with OPTIONS verb to verify if the call is allowed. Since your service is not able to handle the OPTIONS verb you are seeing a 405 (Method Not Allowed) error.

So, if you'd want your service to be accessible from a different domain then you'll have to modify your WCF service to support CORS. I would recommend this link: http://blogs.microsoft.co.il/blogs/idof/archive/2011/07/02/cross-origin-resource-sharing-cors-and-wcf.aspx. By using this you can make your service support CORS with no change in your existing code.

这篇关于原产地的http：//本地主机不被访问控制允许来源允许的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！