在 IIS7 上启用跨域资源共享

enabling cross-origin resource sharing on IIS7(在 IIS7 上启用跨域资源共享)
本文介绍了在 IIS7 上启用跨域资源共享的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

我最近遇到了将 Javascript 请求发布到另一个域的问题.默认情况下,不允许将 XHR 发布到其他域.

按照

解决方案

这可能是 IIS 7处理"HTTP OPTIONS 响应而不是您的应用程序指定它的情况.为了确定这一点,在 IIS7 中,

  1. 转到您网站的处理程序映射.

  2. 向下滚动到OPTIONSVerbHandler".

  3. 将ProtocolSupportModule"更改为IsapiHandler"

  4. 设置可执行文件:%windir%Microsoft.NETFrameworkv4.0.30319aspnet_isapi.dll

现在,当发送 HTTP OPTIONS 动词时,上面的配置条目应该会启动.

您也可以在 BeginRequest 方法中响应 HTTP OPTIONS 动词.

 protected void Application_BeginRequest(object sender,EventArgs e){HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");if(HttpContext.Current.Request.HttpMethod == "选项"){//这些标头正在处理浏览器发送的飞行前" OPTIONS 调用HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000" );HttpContext.Current.Response.End();}}

I recently ran into with posting Javascript requests to another domain. By default XHR posting to other domains is not allowed.

Following the instructions from http://enable-cors.org/, I enabled this on the other domain.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
 <system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
      <add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
      <add name="Access-Control-Allow-Headers" value="Content-Type" />
    </customHeaders>
  </httpProtocol>
 </system.webServer>
</configuration>

Everything works fine now, however it is still return a 405 response before sending back the working 200 response.

Request URL:http://testapi.nottherealsite.com/api/Reporting/RunReport
Request Method:OPTIONS
Status Code:405 Method Not Allowed
Request Headersview source
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Access-Control-Request-Headers:origin, content-type, accept
Access-Control-Request-Method:POST
Connection:keep-alive
Host:testapi.nottherealsite.com
Origin:http://test.nottherealsite.com
Referer:http://test.nottherealsite.com/Reporting
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
Response Headersview source
Access-Control-Allow-Headers:Content-Type
Access-Control-Allow-Methods:GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Origin:*
Allow:POST
Cache-Control:private
Content-Length:1565
Content-Type:text/html; charset=utf-8
Date:Tue, 18 Sep 2012 14:26:06 GMT
Server:Microsoft-IIS/7.5
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET

Update: 3/02/2014

There is a recently updated article in MSDN magazine. Detailing CORS Support in ASP.NET Web API 2.

http://msdn.microsoft.com/en-us/magazine/dn532203.aspx

解决方案

It is likely a case of IIS 7 'handling' the HTTP OPTIONS response instead of your application specifying it. To determine this, in IIS7,

  1. Go to your site's Handler Mappings.

  2. Scroll down to 'OPTIONSVerbHandler'.

  3. Change the 'ProtocolSupportModule' to 'IsapiHandler'

  4. Set the executable: %windir%Microsoft.NETFrameworkv4.0.30319aspnet_isapi.dll

Now, your config entries above should kick in when an HTTP OPTIONS verb is sent.

Alternatively you can respond to the HTTP OPTIONS verb in your BeginRequest method.

    protected void Application_BeginRequest(object sender,EventArgs e)
    {
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");

        if(HttpContext.Current.Request.HttpMethod == "OPTIONS")
        {
            //These headers are handling the "pre-flight" OPTIONS call sent by the browser
            HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
            HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
            HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000" );
            HttpContext.Current.Response.End();
        }

    }

这篇关于在 IIS7 上启用跨域资源共享的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

本站部分内容来源互联网,如果有图片或者内容侵犯了您的权益,请联系我们,我们会在确认后第一时间进行删除!

相关文档推荐

SCRIPT5: Access is denied in IE9 on xmlhttprequest(SCRIPT5:在 IE9 中对 xmlhttprequest 的访问被拒绝)
XMLHttpRequest module not defined/found(XMLHttpRequest 模块未定义/未找到)
Show a progress bar for downloading files using XHR2/AJAX(显示使用 XHR2/AJAX 下载文件的进度条)
How can I open a JSON file in JavaScript without jQuery?(如何在没有 jQuery 的情况下在 JavaScript 中打开 JSON 文件?)
How do I get the HTTP status code with jQuery?(如何使用 jQuery 获取 HTTP 状态码?)
quot;Origin null is not allowed by Access-Control-Allow-Originquot; in Chrome. Why?(“Access-Control-Allow-Origin 不允许 Origin null在铬.为什么?)