MVC6 Cors - 拦截预检 [英] MVC6 Cors - intercept preflight
问题描述
我将我的WebApi升级到MVC6。
在WebApi我可以拦截每个HTTP请求,如果它是一个预检我可以响应头浏览器会接受。
我想弄清楚如何做同样的事情在MVC6 WebApi。
这是WebApi代码。
protected void Application_BeginRequest(object sender,EventArgs e)
{
if(Context.Request.Path.Contains(api /)&& amp;& amp;& amp;&& Allow-Origin,Context.Request.Headers [Origin]);
Context.Response.AddHeader(Access-Control-Allow-Headers,Origin,X-Requested-With,Content-Type,Accept);
Context.Response.AddHeader(Access-Control-Allow-Methods,GET,POST,PUT,DELETE,OPTIONS);
Context.Response.AddHeader(Access-Control-Allow-Credentials,true);
Context.Response.End();
}
}
如何用MVC6做同样的事情? / p>
感谢,
Bob
这是我根据反馈进行的下一次尝试。如果我理解中间件管道,我可能自己想出来。
我试过这个代码,但它并没有像我所希望的http请求。
public void配置(IApplicationBuilder应用程序,IHostingEnvironment env)
{
//配置HTTP请求管道。
app.UseStaticFiles();
//将MVC添加到请求管道。
app.UseMvc();
//为移植Web API 2控制器添加以下路由。
// routes.MapWebApiRoute(DefaultApi,api / {controller} / {id?});
//自定义中间件在每个调用进入时检查它们。
app.Use(async(httpContext,next)=>
{
if .Request.Path.Value.Contains(api /)&&& httpContext.Request.Method ==OPTIONS)
{
httpContext.Response.Headers.Add(Access Control -Allow-Origin,new [] {httpContext.Request.Headers [Origin]});
httpContext.Response.Headers.Add(Access-Control-Allow-Headers,new [] {原始,请求的X请求,内容类型,接受});
httpContext.Response.Headers.Add(访问控制允许方法,新[] {GET,POST,PUT, DELETE,OPTIONS});
httpContext.Response.Headers.Add(Access-Control-Allow-Credentials,new [] {true});
return;
}
await next();
});
}
请添加您自己的中间件。这里是一个快速添加它的内联示例,但你也可以封装在一个类中:
app.Use(async(httpContext, next)=>
{
if(httpContext.Request.Path.Value.Contains(api /)&&& httpContext.Request.Method ==OPTIONS)
{
httpContext.Response.Headers.Add(Access-Control-Allow-Origin,new [] {httpContext.Request.Headers [Origin]});
httpContext.Response.Headers。 Add(Access-Control-Allow-Headers,new [] {Origin,X-Requested-With,Content-Type,Accept});
httpContext.Response.Headers.Add -Allow-Methods,new [] {GET,POST,PUT,DELETE,OPTIONS});
httpContext.Response.Headers.Add(Access-Control-Allow-Credentials,new [] { true});
return;
}
await next();
});
您可能还想关注正在进行的工作以支持ASP 5框架
I'm upgrading my WebApi(s) to MVC6.
In WebApi I could intercept every HTTP request and if it was a preflight I could respond with headers the browser would accept.
I'm trying to figure out how to do the same thing in MVC6 WebApi.
Here is the WebApi code.
protected void Application_BeginRequest(object sender, EventArgs e)
{
if (Context.Request.Path.Contains("api/") && Context.Request.HttpMethod == "OPTIONS")
{
Context.Response.AddHeader("Access-Control-Allow-Origin", Context.Request.Headers["Origin"]);
Context.Response.AddHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
Context.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
Context.Response.AddHeader("Access-Control-Allow-Credentials", "true");
Context.Response.End();
}
}
How do I do the same thing with MVC6?
Thanks, Bob
Here is my next attempt based on feedback. I could probably figure this out on my own if I understood the middleware pipeline. I'll learn it now of course.
I tried this code but it's not hit on http requests as I had hoped.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
// Configure the HTTP request pipeline.
app.UseStaticFiles();
// Add MVC to the request pipeline.
app.UseMvc();
// Add the following route for porting Web API 2 controllers.
// routes.MapWebApiRoute("DefaultApi", "api/{controller}/{id?}");
// custom middleware to checked each call as it comes in.
app.Use(async (httpContext, next) =>
{
if (httpContext.Request.Path.Value.Contains("api/") && httpContext.Request.Method == "OPTIONS")
{
httpContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { httpContext.Request.Headers["Origin"] });
httpContext.Response.Headers.Add("Access-Control-Allow-Headers", new[] { "Origin, X-Requested-With, Content-Type, Accept" });
httpContext.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "GET, POST, PUT, DELETE, OPTIONS" });
httpContext.Response.Headers.Add("Access-Control-Allow-Credentials", new[] { "true" });
return;
}
await next();
});
}
You can add your own middleware for that. Here is a quick example adding it inline, but you could also encapsulate in a class:
app.Use(async (httpContext, next) =>
{
if (httpContext.Request.Path.Value.Contains("api/") && httpContext.Request.Method == "OPTIONS")
{
httpContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { httpContext.Request.Headers["Origin"] });
httpContext.Response.Headers.Add("Access-Control-Allow-Headers", new[] { "Origin, X-Requested-With, Content-Type, Accept" });
httpContext.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "GET, POST, PUT, DELETE, OPTIONS" });
httpContext.Response.Headers.Add("Access-Control-Allow-Credentials", new[] { "true" });
return;
}
await next();
});
You will probably also want to keep an eye on the ongoing work to support cors within the ASP 5 framework
这篇关于MVC6 Cors - 拦截预检的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
