IIS 7.5的CORS设置 [英] CORS settings for IIS 7.5
问题描述
有人可以帮助我,转换以下代码在web.config中使用IIS 7.5和在web.config文件中我应该放置每一段代码?
#始终设置这些头。
标题始终设置Access-Control-Allow-Origin*
标题始终设置Access-Control-Allow-MethodsPOST,GET,OPTIONS,DELETE,PUT
标题始终设置Access - 控制 - 最大 - 年龄1000
标题总是设置访问控制允许标题x-requested-with,Content-Type,origin,authorization,accept,client-security-token
#添加了一个重写,以在每个OPTIONS请求中使用200个SUCCESS进行响应。
RewriteEngine On
RewriteCond%{REQUEST_METHOD}选项
RewriteRule ^(。*)$ $ 1 [R = 200,L]
如果您要求此问题解决 CORS 问题,您可以按照下面的解决方案。 p>
1.将此添加到您的web.config文件中:
httpProtocol>
< customHeaders>
< add name =Access-Control-Allow-Originvalue =*/>
< add name =Access-Control-Allow-Methodsvalue =GET,PUT,POST,DELETE,HEAD,OPTIONS/>
< add name =Access-Control-Allow-Credentialsvalue =true/>
< add name =Access-Control-Allow-Headersvalue =X-Requested-With,origin,content-type,accept/>
< / customHeaders>
< / httpProtocol>
2.如果您的 ajax 调用或您正在执行PUT请求。将
视为 PreFlight 请求.Preflight请求在发送主请求之前执行
OPTION 请求PUT,DELETE等)。您可以
添加下面的方法到您的global.asax文件中成功传递OPTION过程:
protected void Application_BeginRequest()
{
if(Request.Headers.AllKeys.Contains(Origin)&& amp;& amp;&&&&& amp; Request.HttpMethod ==OPTIONS)
{
Response.Flush();
}
}
关于PreFligt请求,您可以在此处查看
解决方案编号2,您可以从此处获取详细信息
PS:在添加所有这些之前,您应考虑安全问题。
Could someone please help me, convert the following code for use in the web.config in IIS 7.5 and where in the web.config file I should place each piece of code?
# Always set these headers.
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
# Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
If you are asking this to solve CORS problem, you can follow this solution below.
1.Add this to your web.config file:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, HEAD, OPTIONS" />
<add name="Access-Control-Allow-Credentials" value="true"/>
<add name="Access-Control-Allow-Headers" value="X-Requested-With, origin, content-type, accept" />
</customHeaders>
</httpProtocol>
2.If you have Content-type parameter in your ajax call or you are doing PUT request.Those are considered as PreFlight requests.Preflight requests are doing OPTION request before sending main request(PUT,DELETE etc).You can add below method to your global.asax file to pass successfully OPTION process:
protected void Application_BeginRequest()
{
if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS")
{
Response.Flush();
}
}
To have more information about PreFligt requests you can check here
For solution number 2 you can have detailed information from here
P.S: Before adding all this you should consider security issues.
这篇关于IIS 7.5的CORS设置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
