在IIS7上启用跨源资源共享 [英] enabling cross-origin resource sharing on IIS7
问题描述
我最近遇到了将JavaScript请求发布到其他域的问题。默认情况下,不允许将XHR发布到其他网域。
按照
很可能是IIS 7处理HTTP OPTIONS响应而不是应用程序指定它的情况。要确定这一点,在IIS7中,
-
转到您的网站的处理程序映射。
-
向下滚动到OPTIONSVerbHandler。
-
将ProtocolSupportModule更改为IsapiHandler
-
设置可执行文件:
%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll
也可以在BeginRequest方法中响应HTTP OPTIONS动词。
protected void Application_BeginRequest(object sender,EventArgs e)
{
HttpContext.Current.Response.AddHeader(Access --Control-Allow-Origin,*);
if(HttpContext.Current.Request.HttpMethod ==OPTIONS)
{
//这些头正在处理浏览器发送的pre-flightOPTIONS调用
HttpContext.Current.Response.AddHeader(Access-Control-Allow-Methods,GET,POST,PUT,DELETE);
HttpContext.Current.Response.AddHeader(Access-Control-Allow-Headers,Content-Type,Accept);
HttpContext.Current.Response.AddHeader(Access-Control-Max-Age,1728000);
HttpContext.Current.Response.End();
}
}
I recently ran into with posting Javascript requests to another domain. By default XHR posting to other domains is not allowed.
Following the instructions from http://enable-cors.org/, I enabled this on the other domain.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
Everything works fine now, however it is still return a 405 response before sending back the working 200 response.
Request URL:http://testapi.nottherealsite.com/api/Reporting/RunReport
Request Method:OPTIONS
Status Code:405 Method Not Allowed
Request Headersview source
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Access-Control-Request-Headers:origin, content-type, accept
Access-Control-Request-Method:POST
Connection:keep-alive
Host:testapi.nottherealsite.com
Origin:http://test.nottherealsite.com
Referer:http://test.nottherealsite.com/Reporting
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
Response Headersview source
Access-Control-Allow-Headers:Content-Type
Access-Control-Allow-Methods:GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Origin:*
Allow:POST
Cache-Control:private
Content-Length:1565
Content-Type:text/html; charset=utf-8
Date:Tue, 18 Sep 2012 14:26:06 GMT
Server:Microsoft-IIS/7.5
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET
Update: 3/02/2014
There is a recently updated article in MSDN magazine. Detailing CORS Support in ASP.NET Web API 2.
http://msdn.microsoft.com/en-us/magazine/dn532203.aspx
It is likely a case of IIS 7 'handling' the HTTP OPTIONS response instead of your application specifying it. To determine this, in IIS7,
Go to your site's Handler Mappings.
Scroll down to 'OPTIONSVerbHandler'.
Change the 'ProtocolSupportModule' to 'IsapiHandler'
Set the executable: %windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll
Now, your config entries above should kick in when an HTTP OPTIONS verb is sent.
Alternatively you can respond to the HTTP OPTIONS verb in your BeginRequest method.
protected void Application_BeginRequest(object sender,EventArgs e)
{
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
if(HttpContext.Current.Request.HttpMethod == "OPTIONS")
{
//These headers are handling the "pre-flight" OPTIONS call sent by the browser
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000" );
HttpContext.Current.Response.End();
}
}
这篇关于在IIS7上启用跨源资源共享的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
