CORS 405方法不允许 [英] CORS 405 Method Not Allowed
问题描述
我一直在关注如何设置我的网站的 Mozilla文章,以允许跨网站脚本请求。使用IIS管理器我添加了以下HTTP响应头
Access-Control-Allow-Origin:*
Access- Control-Allow-Headers:Origin,SecurityPrivateKeyID
Access-Control-Allow-Methods:GET,POST,PUT,DELETE,OPTIONS
尽管如此,当我的浏览器(Firefox和Chrome)发送飞行前请求时,仍会收到 405 Method Not Allowed
code> SecurityPrivateKeyID 标头。
请求
code>选项/Service/Json/User.svc/ HTTP / 1.1
主机:serviceprovider.com
用户代理:Mozilla / 5.0(Windows NT 6.2; WOW64; rv:19.0)Gecko / 20100101 Firefox / 19.0
Accept:text / html,application / xhtml + xml,application / xml; q = 0.9,* / *; q = 0.8
Accept-Language:en-US,en; q = 0.5
Accept-Encoding:gzip,deflate
原产地:http://client.com
访问控制请求方法:GET
访问控制请求 - 标题:securityprivatekeyid
连接:keep-alive
响应
<$ c $ p>
HTTP / 1.1 405不允许的方法
允许:GET
Content-Length:1565
Content-Type:text / html ; charset = UTF-8
服务器:Microsoft-IIS / 8.0
访问控制允许源:*
访问控制允许方法:GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Headers:Origin,SecurityPrivateKeyID
日期:Sat,23 Mar 2013 08:35:03 GMT
当直接访问 http://serviceprovider.com/Service/Json/User.svc/
时,服务可以正常工作。 / p>
有什么想法我做错了什么?
[请注意,我已将我的主机文件更改为点客户端。 com和serviceprovider.com在我的机器]
[使用JSONP的解决方案不会,因为我的web服务必须能够消耗POST,PUT和DELETE methos] p>
我的IIS 8实例是全新安装,看来我需要对 Handler Mappings
备份IIS配置
如果任何建议的更改现有网站最好备份applicationhost.config文件
- 导航到
C:\Windows \\ \\ System32 \inetsrv\config
- 复制
applicationhost.config
删除未使用的处理程序
作为起点,我删除了所有未使用的处理程序映射,问题空间。您可以通过直接修改 applicationhost.config
或使用IIS管理器修改
- 打开IIS管理器
- 在服务器节点或单个网站节点上选择处理程序映射功能
- 手动删除所有不映射的映射需要。
我的网站是基于服务的,只依赖于静态文件和文件与 .aspx
和 .svc
文件扩展名。我还手动删除所有对 .NET 2.0
的引用。
添加OPTIONS处理程序
这似乎是修复。
- 打开IIS管理器
- 在服务器节点或单个网站节点上选择处理程序映射功能
- 在左侧列中选择
添加模块映射
- 在
添加模块映射
对话框中使用以下值。
-
请求路径
-*
-
模块
-ProtocolSupportModule
-
可执行
- [留空] -
名称
- [ b $ b
-
- 点击
请求限制
-
映射
标签,unckeck仅当请求映射到
时调用处理程序 -
动词
标签确保选择选项
- c>访问标签选择
脚本
-
我生成的Handlers配置如下:
< handlers accessPolicy =脚本>
< add name =OPTIONSpath =*verb =OPTIONSmodules =ProtocolSupportModuleresourceType =Unspecified/>
< add name =svc-Integrated-4.0path =*。svcverb =*type =System.ServiceModel.Activation.ServiceHttpHandlerFactory,System.ServiceModel.Activation,Version = 4.0.0.0 ,Culture = neutral,PublicKeyToken = 31bf3856ad364e35resourceType =UnspecifiedrequireAccess =ScriptpreCondition =integratedMode,runtimeVersionv4.0/>
< add name =SecurityCertificatepath =*。cerverb =GET,HEAD,POSTmodules =IsapiModulescriptProcessor =%windir%\system32\inetsrv\asp.dll resourceType =File/>
< add name =ISAPI-dllpath =*。dllverb =*modules =IsapiModuleresourceType =FilerequireAccess =ExecuteallowPathInfo =true/>
< add name =PageHandlerFactory-Integrated-4.0path =*。aspxverb =GET,HEAD,POST,DEBUGtype =System.Web.UI.PageHandlerFactoryresourceType =Unspecified requireAccess =ScriptpreCondition =integratedMode,runtimeVersionv4.0/>
< add name =CGI-exepath =* .exeverb =*modules =CgiModuleresourceType =FilerequireAccess =ExecuteallowPathInfo =true/>
< add name =ExtensionlessUrlHandler-Integrated-4.0path =*。 verb =*type =System.Web.Handlers.TransferRequestHandlerresourceType =UnspecifiedrequireAccess =ScriptpreCondition =integratedMode,runtimeVersionv4.0responseBufferLimit =0/>
< add name =StaticFilepath =*verb =*modules =StaticFileModule,DefaultDocumentModule,DirectoryListingModuleresourceType =EitherrequireAccess =Read/>
< / handlers>
I have been following the Mozilla article on how to set up my website to allow Cross-site scripting requests. Using IIS Manager I have added the following HTTP Response Headers
Access-Control-Allow-Origin : *
Access-Control-Allow-Headers : Origin, SecurityPrivateKeyID
Access-Control-Allow-Methods : GET, POST, PUT, DELETE, OPTIONS
Despite this I keep getting a 405 Method Not Allowed
when my browsers (Firefox and Chrome) send the pre-flight request with a custom SecurityPrivateKeyID
header.
Request
OPTIONS /Service/Json/User.svc/ HTTP/1.1
Host: serviceprovider.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://client.com
Access-Control-Request-Method: GET
Access-Control-Request-Headers: securityprivatekeyid
Connection: keep-alive
Response
HTTP/1.1 405 Method Not Allowed
Allow: GET
Content-Length: 1565
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/8.0
access-control-allow-origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Origin, SecurityPrivateKeyID
Date: Sat, 23 Mar 2013 08:35:03 GMT
The service works fine when accessing directly at http://serviceprovider.com/Service/Json/User.svc/
.
Any ideas on what I am doing wrong?
[note I have changed my hosts files to point client.com and serviceprovider.com at my machine]
[a solution using JSONP will not do as my web service must be able to consume POST, PUT and DELETE methos]
My IIS 8 instance is fresh installation, it seems I needed to make some modifications to the Handler Mappings
Backup IIS Configuration
In the event that any of the sugggested changes break your existing websites it's best to make a backup of the applicationhost.config file
- Navigate to
C:\Windows\System32\inetsrv\config
- Make a copy of
applicationhost.config
Remove Unused Handlers
As a starting point I removed all unused Handler Mappings to reduce the problem space. You can do this by modifying the applicationhost.config
directly or by using IIS Manager
- Open IIS Manager
- Either on the server node or the individual website node select the Handler Mappings feature
- Manually remove all mappings that you don't need.
My websites are heavily service based and just depend on static files and files with the .aspx
and .svc
files extensions. I also manually removed all references to .NET 2.0
throughout the configuration file.
Add OPTIONS Handler
This seems to be the fix.
- Open IIS Manager
- Either on the server node or the individual website node select the Handler Mappings feature
- In the lefthand column select
Add Module Mapping
- In the
Add Module Mapping
dialog use the following values.Request path
-*
Module
-ProtocolSupportModule
Executable
- [Leave blank]Name
- [Whatever you want]
- Click
Request Restrictions
- In the
Mapping
tab, unckeckInvoke handler only if request is mapped to
- In the
Verbs
tab ensureOPTIONS
is selected - In the
Access
tab selectScript
- In the
My resulting Handlers configuration looks like this
<handlers accessPolicy="Read, Script">
<add name="OPTIONS" path="*" verb="OPTIONS" modules="ProtocolSupportModule" resourceType="Unspecified" />
<add name="svc-Integrated-4.0" path="*.svc" verb="*" type="System.ServiceModel.Activation.ServiceHttpHandlerFactory, System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
<add name="SecurityCertificate" path="*.cer" verb="GET,HEAD,POST" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="File" />
<add name="ISAPI-dll" path="*.dll" verb="*" modules="IsapiModule" resourceType="File" requireAccess="Execute" allowPathInfo="true" />
<add name="PageHandlerFactory-Integrated-4.0" path="*.aspx" verb="GET,HEAD,POST,DEBUG" type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" />
<add name="CGI-exe" path="*.exe" verb="*" modules="CgiModule" resourceType="File" requireAccess="Execute" allowPathInfo="true" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" resourceType="Unspecified" requireAccess="Script" preCondition="integratedMode,runtimeVersionv4.0" responseBufferLimit="0" />
<add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" resourceType="Either" requireAccess="Read" />
</handlers>
这篇关于CORS 405方法不允许的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!