webApi中的子域CORS 2 [英] subdomain CORS in webApi 2
问题描述
我使用的是WebApi,就像我从 http://t.co/mt9wIL8gLA 中学到的
I am using WebApi like I've learnt from http://t.co/mt9wIL8gLA
如果我确切地知道我的客户端请求的完美原始URI,这一切都很好。
太糟糕了我写了一个企业级的API,所以我的请求,说
http:/ /apps.contoso.com/myApp/api/foobar
It all works well if I know exactly the perfect origin URI of my client's requests. Too bad I am writing an enterprise-wide API, so my request to, say http://apps.contoso.com/myApp/api/foobar
可能来自我的网域上的应用程式,例如:
may come from apps all over my domain, say:
http://apps.contoso.com/CRMApp
http://www.contoso.com/LegacyApp
http://test.contoso.com/newApps/WowApp
...
和我的企业构建的所有新应用程序。
http://test.contoso.com/newApps/WowApp ... and all the new apps my enterprise builds.
最好的方法是什么?使用 Origins =*
是奶酪,将来源添加到我的WS源并重新部署是cheesy。
What is the best way to approach this? using Origins="*"
is cheesy, adding origins to my WS source and redeploy is cheesier.
解决方案正在编写自定义CorsPolicyAttribute,如 http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api#cors-policy-providers
My current solution is writing a custom CorsPolicyAttribute like in http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api#cors-policy-providers
并从web.config中的appsettings中读取允许的起源。
A LITTLE更好地可以在自定义属性内检查请求Origin:header是否来自contoso.com,可能是一个regexp,并将其添加到允许的起始。
and read the allowed origins from appsettings in web.config. A LITTLE better could be, inside the custom attribute, checking if the request Origin: header is from contoso.com, maybe with a regexp, and add it to allowed origins.
我想知道是否有更好,更标准的方法。
I am wondering if there is a better, more standard, way.
推荐答案
http://msdn.microsoft.com/en-us/magazine/dn532203.aspx相对=nofollow> DynamicPolicyProviderFactory 。这就是我用什么......我甚至贴出问题关于它的一天样的,说明如何在允许的域添加到web.config文件。
Use a DynamicPolicyProviderFactory. That's what I use...I even posted a question about it the other day that kind of shows how to add the allowed domains to the web.config file.
这篇关于webApi中的子域CORS 2的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!