zoukankan      html  css  js  c++  java
  • asp.net cors solution

    I have a simple actionmethod, that returns some json. It runs on ajax.example.com. I need to access this from another site someothersite.com.
    
    If I try to call it, I get the expected...:
    
    Origin http://someothersite.com is not allowed by Access-Control-Allow-Origin.
    I know of two ways to get around this: JSONP and creating a custom HttpHandler to set the header.
    
    Is there no simpler way?
    
    Is it not possible for a simple action to either define a list of allowed origins - or simple allow everyone? Maybe an action filter?
    
    Optimal would be...:
    
    return json(mydata, JsonBehaviour.IDontCareWhoAccessesMe);
    For plain ASP.NET MVC Controllers
    
    Create a new attribute
    
    public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
            base.OnActionExecuting(filterContext);
        }
    }
    
    Tag your action:
    
    [AllowCrossSiteJson]
    public ActionResult YourMethod()
    {
        return Json("Works better?");
    }
    
    For ASP.NET Web API
    
    using System;
    using System.Web.Http.Filters;
    
    public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
        {
            if (actionExecutedContext.Response != null)
                actionExecutedContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");
    
            base.OnActionExecuted(actionExecutedContext);
        }
    }
    
    Tag a whole API controller:
    
    [AllowCrossSiteJson]
    public class ValuesController : ApiController
    {
    
    Or individual API calls:
    
    [AllowCrossSiteJson]
    public IEnumerable<PartViewModel> Get()
    {
        ...
    }
    
    If you are using IIS 7+, you can place a web.config file into the root of the folder with this in the system.webServer section:
    
    <httpProtocol>
       <customHeaders>
          <clear />
          <add name="Access-Control-Allow-Origin" value="*" />
       </customHeaders>
    </httpProtocol>
    See: http://msdn.microsoft.com/en-us/library/ms178685.aspx And: http://enable-cors.org/#how-iis7
    
    
    This is really simple , just add this in web.config
    
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="http://localhost" />
          <add name="Access-Control-Allow-Headers" value="X-AspNet-Version,X-Powered-By,Date,Server,Accept,Accept-Encoding,Accept-Language,Cache-Control,Connection,Content-Length,Content-Type,Host,Origin,Pragma,Referer,User-Agent" />
          <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />
          <add name="Access-Control-Max-Age" value="1000" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
    In Origin put all domains that have access to your web server, in headers put all possible headers that any ajax http request can use, in methods put all methods that you allow on your server
    
    regards :)
  • 相关阅读:
    vue 无缝无限滚动横条实现
    小程序 recycle-view 个人demo
    js 笔记
    java整理的一些面试资料
    使用js获取浏览器地址栏里的参数
    java面试题
    sql中索引不会被用到的几种情况
    常用linux命令
    shiro登录成功之后跳转原路径
    springboot 整合 mongodb实现 批量更新数据
  • 原文地址:https://www.cnblogs.com/zengpeng/p/8145603.html
Copyright © 2011-2022 走看看