Cors请求和MVC5 [英] Cors requests and MVC5
问题描述
所以我有一个控制器的视图...
[AllowAnonymous]
[Route )]
public ActionResult MyView()
{
//首次尝试解决问题
Response.AddHeader(Access-Control-Allow-Origin,* ;
Response.AddHeader(Access-Control-Allow-Headers,*);
Response.AddHeader(Access-Control-Allow-Methods,*);
return PartialView();
}
我试过添加这个属性(第二次尝试)...
public class AllowCors:ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
filterContext.RequestContext.HttpContext.Response.AddHeader(Access-Control-Allow-Origin,*);
filterContext.RequestContext.HttpContext.Response.AddHeader(Access-Control-Allow-Headers,*);
filterContext.RequestContext.HttpContext.Response.AddHeader(Access-Control-Allow-Methods,*);
base.OnActionExecuting(filterContext);
}
}
由于im使用owin来初始化我的应用程序可能工作(第三次尝试)...
app.Use((context,next)=>
{
if(context.Request.Method ==OPTIONS)
{
context.Response.StatusCode = 200;
context.Response.Headers.Add(Access Control -Allow-Origin,new [] {*});
context.Response.Headers.Add(Access-Control-Allow-Headers,new [] {*});
context.Response.Headers.Add(Access-Control-Allow-Methods,new [] {*});
return context.Response.WriteAsync(handled);
}
return next.Invoke();
})。UseStageMarker(PipelineStage.PreHandlerExecute);
问题是,如果我只是直接要求把它放在浏览器中的url正确的标头...
访问控制允许标头:*
访问控制允许方法:*
Access-Control-Allow-Origin:*
到邮递员测试这个,当我发出一个OPTIONS调用到同一个网址,我得到这个在头...
允许:OPTIONS,TRACE,GET,HEAD,POST
...那么如何让MVC响应正确到OPTIONS http动词,以便我可以在网站域外使用此视图?
EDIT
这是值得注意的,我已经找到了所有这些和更多...
添加软件包并将该行添加到 Configuration
p>
如您在截图中所看到的, code> access-control-allow-origin 已按预期添加在响应标头中
So I have a view on a controller ...
[AllowAnonymous]
[Route("MyView")]
public ActionResult MyView()
{
// first attempt at solving problem
Response.AddHeader("Access-Control-Allow-Origin", "*");
Response.AddHeader("Access-Control-Allow-Headers", "*");
Response.AddHeader("Access-Control-Allow-Methods", "*");
return PartialView();
}
I tried adding this attribute (2nd attempt) ...
public class AllowCors : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Headers", "*");
filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Methods", "*");
base.OnActionExecuting(filterContext);
}
}
As im using owin to initialise my app I figured this might work (3rd attempt) ...
app.Use((context, next) =>
{
if (context.Request.Method == "OPTIONS")
{
context.Response.StatusCode = 200;
context.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
context.Response.Headers.Add("Access-Control-Allow-Headers", new[] { "*" });
context.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "*" });
return context.Response.WriteAsync("handled");
}
return next.Invoke();
}).UseStageMarker(PipelineStage.PreHandlerExecute);
The problem is that if I just straight up ask for it by putting the url in the browser I get the right headers ...
Access-Control-Allow-Headers:*
Access-Control-Allow-Methods:*
Access-Control-Allow-Origin:*
... moving over in to postman to test this, when I issue an OPTIONS call to the same URL I get this in the headers ...
Allow: OPTIONS, TRACE, GET, HEAD, POST
... so how do I get MVC to respond correctly to the OPTIONS http verb so that I can use this view outside the domain of the site?
EDIT
it's worth noting that I have looked around already and found all these and many more ...
The requested resource does not support http method 'OPTIONS'.?
jQuery $.ajax(), $.post sending "OPTIONS" as REQUEST_METHOD in Firefox
AJAX in Chrome sending OPTIONS instead of GET/POST/PUT/DELETE?
Why does this jQuery AJAX PUT work in Chrome but not FF
How to support HTTP OPTIONS verb in ASP.NET MVC/WebAPI application
... i'm also very familiar with using CORS and making CORS requests in to WebAPI, but for some reason I can't seem to make a CORS request in to MVC without getting this seemingly "dummy" response back.
I think what I need is a means to override / replace the MVC default behaviour to this HttpVerb based request to allow me to embed views in a remote site.
Install these two nuget packages:
Microsoft.AspNet.Cors
Microsoft.Owin.Cors
Then in your Startup.cs
add this line inside the Configuration
function:
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
app.UseCors(CorsOptions.AllowAll);
}
}
In my demo setup I'm sending a post request from the domain http://example.local (Apache) to the domain http://localhost:6569/ (IIS Express).
Without app.UseCors(CorsOptions.AllowAll);
(notice the warning in the console and no CORS headers):
And after adding the packages and adding the line to the Configuration
method:
As you can see in the screenshot, the access-control-allow-origin
was added in the response headers as expected/
这篇关于Cors请求和MVC5的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!