不允许使用 CORS 405 方法 [英] CORS 405 Method Not Allowed

问题描述

我一直在关注 Mozilla 文章，了解如何设置我的网站以允许 跨站点脚本请求.使用 IIS 管理器，我添加了以下 HTTP 响应标头

I have been following the Mozilla article on how to set up my website to allow Cross-site scripting requests. Using IIS Manager I have added the following HTTP Response Headers

Access-Control-Allow-Origin  : *
Access-Control-Allow-Headers : Origin, SecurityPrivateKeyID
Access-Control-Allow-Methods : GET, POST, PUT, DELETE, OPTIONS

尽管如此，当我的浏览器(Firefox 和 Chrome)发送带有自定义 SecurityPrivateKeyID 标头的飞行前请求时，我不断收到 405 Method Not Allowed.

Despite this I keep getting a 405 Method Not Allowed when my browsers (Firefox and Chrome) send the pre-flight request with a custom SecurityPrivateKeyID header.

请求

OPTIONS /Service/Json/User.svc/ HTTP/1.1
Host: serviceprovider.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://client.com
Access-Control-Request-Method: GET
Access-Control-Request-Headers: securityprivatekeyid
Connection: keep-alive

回应

HTTP/1.1 405 Method Not Allowed
Allow: GET
Content-Length: 1565
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/8.0
access-control-allow-origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Origin, SecurityPrivateKeyID
Date: Sat, 23 Mar 2013 08:35:03 GMT

直接在 http://serviceprovider.com/Service/Json/User.svc/ 访问时服务运行良好.

The service works fine when accessing directly at http://serviceprovider.com/Service/Json/User.svc/.

关于我做错了什么有什么想法吗?

Any ideas on what I am doing wrong?

[注意我已将主机文件更改为在我的机器上指向 client.com 和 serviceprovider.com]

[note I have changed my hosts files to point client.com and serviceprovider.com at my machine]

[使用 JSONP 的解决方案不行，因为我的 Web 服务必须能够使用 POST、PUT 和 DELETE 方法]

[a solution using JSONP will not do as my web service must be able to consume POST, PUT and DELETE methos]

推荐答案

我的 IIS 8 实例是全新安装的，看来我需要对 Handler Mappings

My IIS 8 instance is fresh installation, it seems I needed to make some modifications to the Handler Mappings

如果任何建议的更改破坏了您现有的网站，最好备份 applicationhost.config 文件

In the event that any of the sugggested changes break your existing websites it's best to make a backup of the applicationhost.config file

1. 导航到 C:WindowsSystem32inetsrvconfig
2. 复制applicationhost.config

删除未使用的处理程序

作为起点，我删除了所有未使用的处理程序映射以减少问题空间.您可以通过直接修改 applicationhost.config 或使用 IIS 管理器来完成此操作

Remove Unused Handlers

As a starting point I removed all unused Handler Mappings to reduce the problem space. You can do this by modifying the applicationhost.config directly or by using IIS Manager

1. 打开 IIS 管理器
2. 在服务器节点或单个网站节点上选择处理程序映射功能
3. 手动删除所有不需要的映射.

我的网站以服务为基础，仅依赖于静态文件和具有 .aspx 和 .svc 文件扩展名的文件.我还手动删除了整个配置文件中对 .NET 2.0 的所有引用.

My websites are heavily service based and just depend on static files and files with the .aspx and .svc files extensions. I also manually removed all references to .NET 2.0 throughout the configuration file.

这似乎是解决办法.

1. 打开 IIS 管理器
2. 在服务器节点或单个网站节点上选择处理程序映射功能
3. 在左侧列中选择添加模块映射
4. 在 Add Module Mapping 对话框中使用以下值.
   • 请求路径 - *
   • 模块 - ProtocolSupportModule
   • 可执行文件 - [留空]
   • 名称 - [随便你]

1. Open IIS Manager
2. Either on the server node or the individual website node select the Handler Mappings feature
3. In the lefthand column select Add Module Mapping
4. In the Add Module Mapping dialog use the following values.
   • Request path - *
   • Module - ProtocolSupportModule
   • Executable - [Leave blank]
   • Name - [Whatever you want]

• 在 Mapping 选项卡中，取消勾选 Invoke handler only if request is mapped to
• 在 Verbs 选项卡中确保选择了 OPTIONS
• 在 Access 选项卡中选择 Script

• In the Mapping tab, unckeck Invoke handler only if request is mapped to
• In the Verbs tab ensure OPTIONS is selected
• In the Access tab select Script

我生成的 Handlers 配置如下所示

My resulting Handlers configuration looks like this

<handlers accessPolicy="Read, Script">
    <add name="OPTIONS" path="*" verb="OPTIONS" modules="ProtocolSupportModule" resourceType="Unspecified" />
    <add name="svc-Integrated-4.0" path="*.svc" verb="*" type="System.ServiceModel.Activation.ServiceHttpHandlerFactory, System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
    <add name="SecurityCertificate" path="*.cer" verb="GET,HEAD,POST" modules="IsapiModule" scriptProcessor="%windir%system32inetsrvasp.dll" resourceType="File" />
    <add name="ISAPI-dll" path="*.dll" verb="*" modules="IsapiModule" resourceType="File" requireAccess="Execute" allowPathInfo="true" />
    <add name="PageHandlerFactory-Integrated-4.0" path="*.aspx" verb="GET,HEAD,POST,DEBUG" type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
    <add name="CGI-exe" path="*.exe" verb="*" modules="CgiModule" resourceType="File" requireAccess="Execute" allowPathInfo="true" />
    <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" responseBufferLimit="0" />
    <add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" />
</handlers>

这篇关于不允许使用 CORS 405 方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！