使用 WebAPI PUT/POST 请求启用 CORS? [英] Enabling CORS with WebAPI PUT / POST requests?
问题描述
我已经尝试关注这篇文章,但我仍然没有完全做到:
但是一些程序集版本控制问题导致我将所有内容都删除了 - 希望有一个更简单的解决方案.
POST、PUT、DELETE 等使用预检的 CORS.浏览器发送一个 OPTIONS 请求.由于您没有处理 OPTIONS 的操作方法,因此您会收到 405.以最简单的形式,您必须在控制器中实现这样的操作方法.
public HttpResponseMessage Options(){var response = new HttpResponseMessage();response.StatusCode = HttpStatusCode.OK;返回响应;}需要注意的一点是,您在 web.config 中配置的 customHeaders 已经添加了必要的 Access-Control-Allow-Origin 和 Access-Control-Allow-Methods 标题.所以动作方法不一样.
在控制器中实现操作方法有效,但可能不是一个好的选择.更好的选择是实现一个消息处理程序来为您执行此操作.更好的选择是使用 thinktecture 身份模型来启用 CORS.Web API 2内置 CORS 支持(取自 ttidm).
I've tried following this post but I'm still not quite there:
CORS support for PUT and DELETE with ASP.NET Web API
In my web.config I have the following:
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<httpProtocol>
<customHeaders>
<!-- TODO: don't let anyone make requests - only approved clients -->
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="WebDAV" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%Microsoft.NETFrameworkv4.0.30319aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%Microsoft.NETFramework64v4.0.30319aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule"/>
</modules>
</system.webServer>
But in chrome when I make a POST request I get the Not Allowed error:
My request looks like this:
var request = $.ajax({
async: true,
url: apiEndpoint + 'api/login',
type: 'POST',
data: JSON.stringify(data),
contentType: "application/json; charset=utf-8",
dataType: 'json'
})
apiEndpoint is on localhost but on a different port - the client and api projects are in different solutions.
The POST request eventually makes its way to the server, but I always get an error related to OPTIONS and I never get a cookie saved to the client because of it.
I spent the last couple hours trying to get CORS with WebAPI working:
https://aspnetwebstack.codeplex.com/wikipage?title=CORS%20support%20for%20ASP.NET%20Web%20API
But some assembly versioning issues led to me yanking everything out - hopefully there's a simpler solution.
POST, PUT, DELETE, etc use pre-flighted CORS. The browser sends an OPTIONS request. Since you do not have an action method that handles OPTIONS, you are getting a 405. In its most simplest form, you must implement an action method like this in your controller.
public HttpResponseMessage Options()
{
var response = new HttpResponseMessage();
response.StatusCode = HttpStatusCode.OK;
return response;
}
One thing to note is that the customHeaders you have configured in web.config will already be adding the necessary Access-Control-Allow-Origin and Access-Control-Allow-Methods headers. So the action method is not doing the same.
Implementing action method in controller works but may not be a good option. A better option will be to implement a message handler that does this for you. A much better option will be to use thinktecture identity model to enable CORS. Web API 2 has CORS support built-in (taken from ttidm).
这篇关于使用 WebAPI PUT/POST 请求启用 CORS?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
