设置访问控制允许原产地在ASP.Net MVC - 最简单可行的方法 [英] Setting Access-Control-Allow-Origin in ASP.Net MVC - simplest possible method
问题描述
我有一个简单actionmethod,返回一些JSON。它运行在ajax.example.com。我需要从其他网站someothersite.com访问此。
如果我尝试调用它,我得到预期的...
产地http://someothersite.com没有被访问控制允许来源允许的。
我知道有两种方法来解决这个问题:<一href=\"http://stackoverflow.com/questions/5968682/jquery-ajax-json-cross-domain-request-and-asp-net-mvc\">JSONP并创建一个自定义的HttpHandler 来
设置头
有没有简单的方法?
这是不可能简单的操作来定义允许起源的清单 - 或简单的让大家?也许一个动作过滤器?
优化将是...
返回JSON(MYDATA,JsonBehaviour.IDontCareWhoAccessesMe);
对于纯ASP.NET MVC控制器
创建一个新的属性
公共类AllowCrossSiteJsonAttribute:ActionFilterAttribute
{
公共覆盖无效OnActionExecuting(ActionExecutingContext filterContext)
{
filterContext.RequestContext.HttpContext.Response.AddHeader(访问控制允许原产地,*);
base.OnActionExecuting(filterContext);
}
}
标记你的行动:
[AllowCrossSiteJson]
公众的ActionResult YourMethod()
{
返回JSON(作品更好?);
}
有关的ASP.NET Web API
使用系统;
使用System.Web.Http.Filters;公共类AllowCrossSiteJsonAttribute:ActionFilterAttribute
{
公共覆盖无效OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
{
如果(actionExecutedContext.Response!= NULL)
actionExecutedContext.Response.Headers.Add(访问控制允许原产地,*); base.OnActionExecuted(actionExecutedContext);
}
}
标签的整个API控制器:
[AllowCrossSiteJson]
公共类ValuesController:ApiController
{
或单个API调用:
[AllowCrossSiteJson]
公共IEnumerable的&LT; PartViewModel&GT;得到()
{
...
}
对于Internet Explorer&LT; = V9
&IE LT = 9不支持CORS。我写了一个JavaScript代码会自动路由通过代理这些请求。这一切都100%透明的(你只需要包括我的代理和脚本)。
下载使用它的NuGet corsproxy
,并按照说明包含
<一个href=\"http://blog.gauffin.org/2014/04/how-to-use-cors-requests-in-internet-explorer-9-and-below/\">Blog帖子 | 来源$ C $ C
I have a simple actionmethod, that returns some json. It runs on ajax.example.com. I need to access this from another site someothersite.com.
If I try to call it, I get the expected...:
Origin http://someothersite.com is not allowed by Access-Control-Allow-Origin.
I know of two ways to get around this: JSONP and creating a custom HttpHandler to set the header.
Is there no simpler way?
Is it not possible for a simple action to either define a list of allowed origins - or simple allow everyone? Maybe an action filter?
Optimal would be...:
return json(mydata, JsonBehaviour.IDontCareWhoAccessesMe);
For plain ASP.NET MVC Controllers
Create a new attribute
public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
base.OnActionExecuting(filterContext);
}
}
Tag your action:
[AllowCrossSiteJson]
public ActionResult YourMethod()
{
return Json("Works better?");
}
For ASP.NET Web API
using System;
using System.Web.Http.Filters;
public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
{
public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
{
if (actionExecutedContext.Response != null)
actionExecutedContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");
base.OnActionExecuted(actionExecutedContext);
}
}
Tag a whole API controller:
[AllowCrossSiteJson]
public class ValuesController : ApiController
{
Or individual API calls:
[AllowCrossSiteJson]
public IEnumerable<PartViewModel> Get()
{
...
}
For Internet Explorer <= v9
IE <= 9 doesn't support CORS. I've written a javascript that will automatically route those requests through a proxy. It's all 100% transparent (you just have to include my proxy and the script).
Download it using nuget corsproxy
and follow the included instructions.
这篇关于设置访问控制允许原产地在ASP.Net MVC - 最简单可行的方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!