我创建了一个ASP.Net Web API,它由Azure托管并受Azure AD保护。我通过SharePoint在线调用此Web API。 GET工作正常,但POST失败并显示标题中的消息:
Cross-site request forgery detected for user '' from referer 'somesite.sharepoint.com
在Web API的Web.config中,我配置了以下内容:
<add name="Access-Control-Allow-Origin" value="https://somesite.sharepoint.com" />
<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept, Authorization" />
<add name="Access-Control-Allow-Credentials" value="true" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
我错过了配置选项吗?