IIS 7.5 的 CORS 设置 [英] CORS settings for IIS 7.5

问题描述

有人可以帮我转换以下代码以在 IIS 7.5 中的 web.config 中使用，以及我应该将每段代码放置在 web.config 文件中的什么位置吗?

# 总是设置这些标题.标题总是设置 Access-Control-Allow-Origin "*"标题总是设置 Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"标题总是设置 Access-Control-Max-Age "1000"标头始终设置 Access-Control-Allow-Headersx-requested-with、Content-Type、origin、authorization、accept、client-security-token"# 添加了重写以在每个 OPTIONS 请求上响应 200 SUCCESS.重写引擎开启RewriteCond %{REQUEST_METHOD} 选项重写规则 ^(.*)$ $1 [R=200,L]

解决方案

如果您是为了解决CORS问题而提出这个问题，您可以按照下面的解决方案进行操作.

注意:在添加所有这些之前，您应该考虑安全问题.

1. 将此添加到您的 web.config 文件中:

   <http协议><customHeaders><add name="Access-Control-Allow-Origin" value="*"/><add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, HEAD, OPTIONS"/><add name="Access-Control-Allow-Credentials" value="true"/><add name="Access-Control-Allow-Headers" value="X-Requested-With, origin, content-type, accept"/></customHeaders></http协议></system.webServer>

2. 如果你有 Content-typeajax 调用中的参数，或者您正在执行 PUT 请求.那些被视为 PreFlight 请求.预检请求正在执行OPTION 在发送主要请求(PUT、DELETE 等)之前请求.您可以将以下方法添加到您的 global.asax 文件以成功通过 OPTION 过程:

   protected void Application_BeginRequest(){if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS"){Response.Flush();}}

<块引用>

要了解有关预检请求的更多信息，您可以查看此处

对于解决方案 2，您可以从 此处获得详细信息

Could someone please help me, convert the following code for use in the web.config in IIS 7.5 and where in the web.config file I should place each piece of code?

# Always set these headers.
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"

# Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]

解决方案

If you are asking this to solve CORS problem, you can follow this solution below.

NOTE: Before adding all this you should consider security issues.

1. Add this to your web.config file:

   <system.webServer>
     <httpProtocol>
       <customHeaders>
         <add name="Access-Control-Allow-Origin" value="*" />
         <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, HEAD, OPTIONS" />
         <add name="Access-Control-Allow-Credentials" value="true"/>
         <add name="Access-Control-Allow-Headers" value="X-Requested-With, origin, content-type, accept" />
       </customHeaders>
     </httpProtocol>
   </system.webServer>
   

2. If you have Content-type parameter in your ajax call or you are doing PUT request.Those are considered as PreFlight requests.Preflight requests are doing OPTION request before sending main request(PUT,DELETE etc).You can add below method to your global.asax file to pass successfully OPTION process:

   protected void Application_BeginRequest()
   {
       if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS")
       {
           Response.Flush();
       }
   }
   

To have more information about Preflight requests you can check here

For solution number 2 you can have detailed information from here

这篇关于IIS 7.5 的 CORS 设置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！