在Azure Web中启用CORS [英] Enable CORS in Azure web

问题描述

我想要做的是，当从我的JavaScript 调用https服务（不是我自己的）时，为.net MVC 5 Azure网站启用CORS（跨源资源共享）。

我总是遇到相同的错误

XMLHttpRequest无法加载我得到以下响应，其中没有访问控制允许原产地限制（因此它的工作方式）

请求（至 https://someservice-I-have-no-control-over.com ）

  GET / someservice-I-have-no-control-over / SomeAction / 44 HTTP / 1.1 
 Host：someservice-I-have-no-control-over.com 
 User-Agent：Mozilla / 5.0 NT 6.3; WOW64; rv：37.0）Gecko / 20100101 Firefox / 37.0 
 Accept：text / html，application / xhtml + xml，application / xml; q = 0.9，* / *; q = 0.8 
 Accept-Language：en-US，en; q = 0.5 
接受编码：gzip，deflate 
连接：keep-alive 
如果无匹配：53867cff-96b0-411f- 88b7-d84765f9f8e8
 Cache-Control：max-age = 0 
  

回覆

  HTTP / 1.1 304未修改
缓存控制：max-age = 900 
服务器：Microsoft- 8.5 
 X-AspNet版本：4.0.30319 
 X-Powered-By：ASP.NET 
访问控制允许方法：GET，POST，PUT，DELETE，OPTIONS 
 Date：Tue，24 Feb 2015 11:06:53 GMT 
  

解决方案

不可能。

它在本地运行，因为它是服务器

当你调用真正的网站时，他们可能不会添加CORS允许标头（ Access-Control-Allow-Origin ），因此您的请求被拒绝。

您可以使用JSONP通过您自己的网站代理所有请求。

您可以使用我的CORS代理： https：/ /github.com/jgauffin/corsproxy 。它的用途是为IE9及以下，但工作与所有要求一样好。

What I´m trying to do is to enable CORS (Cross-origin Resource Sharing) for .net MVC 5 Azure website when calling a https service (not my own) from my JavaScript.

I always get the same error

XMLHttpRequest cannot load https://someservice-I-have-no-control-over. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://my.azurewebsites.net' is therefore not allowed access. The response had HTTP status code 400.

I have managed to enable this when developing locally, setting my project to https and adding the following to web.config

<system.webServer>
<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Methods" value="GET, POST, OPTIONS"/>
    <add name="Access-Control-Allow-Headers" value="Content-Type, Accept, SOAPAction"/>
    <add name="Access-Control-Max-Age" value="1728000"/>
  </customHeaders>
</httpProtocol>
</system.webServer>

That adds the 'Access-Control-Allow-Origin' header. But that does not seem to work on the Azure website.

And I can´t find any settings like in the Mobile Services where you can allow this like you see here.

Since I know you are all going to ask for code (that works locally btw) there you have the simple Jquery call to the service

$.ajax({
    url: 'https://someservice-I-have-no-control-over',
    dataType: 'json',
    contentType: 'application/json',
    type: 'GET',
    success: function (response) {
        $.each(response, function (key, value) {
          console.log("success"); //Doesn´t happen! :-(
        });
    },
    error: function (xhr, text, error) {
        if ($.isFunction(onError)) {
            onError(xhr.responseJSON);
        }
    }
});

So any thoughts?

Edit 1

Just to clarify a little.

I am calling a service that I have no control over that is a https one, in a javascript (not a controller) that is mine.

Edit 2

Ok I thought that I could intercept the response from the third party service and add this header before the browser rejects it. As I see it that is not possible (right?). But how come it works locally?

If I capture the call to this service with e.g LiveHTTPHeaders I get the following response where there is not a "Access-Control-Allow-Origin" restriction (so way does it work locally?).

Request (to https://someservice-I-have-no-control-over.com)

GET /someservice-I-have-no-control-over/SomeAction/44 HTTP/1.1
Host: someservice-I-have-no-control-over.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
If-None-Match: "53867cff-96b0-411f-88b7-d84765f9f8e8"
Cache-Control: max-age=0

Reply

HTTP/1.1 304 Not Modified
Cache-Control: max-age=900
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Date: Tue, 24 Feb 2015 11:06:53 GMT

解决方案

Not possible.

It works locally because it's the server that must have the allow headers, and when you call your own webserver from your javascript you can add those headers.

When you call the real website they do probably not add the CORS allow header (Access-Control-Allow-Origin) and your request is therefore denied.

What you could do is either to use JSONP or proxy all requests through your own website.

You could for instance use my CORS proxy: https://github.com/jgauffin/corsproxy. It's intended usage is for IE9 and below, but works just as fine for all requests.

这篇关于在Azure Web中启用CORS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！