Question

我有两个网站：本地：20279 /和本地：54220。从20279开始通过IFrame打开54220.用户点击按钮后，IFrame将关闭，我在52220中获取数据。我读到了如何启用CORS，这就是我在web.config中所做的：

<system.webServer>
    <httpProtocol>
        <customHeaders>
            <add name="Access-Control-Allow-Origin" value="*"/>
            <add name="Access-Control-Allow-Headers" value="Content-Type" />
            <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
        </customHeaders>
    </httpProtocol>
</system.webServer>

这个代码在文件js中读取IFrame中的数据

function dialog_close() {
    dialog(false, '');

    getValueFromIFrame("if-dialog", "status");
}

function getValueFromIFrame(idIFrame, idField) {
    var iframe = document.getElementById(idIFrame);
    var innerDoc = iframe.contentDocument || iframe.contentWindow.document;
    var value = innerDoc.getElementById(idField).value;
    alert(value);
    //return value;
}

这就是我从浏览器中得到的：

Blocked a frame with origin 20279 from accessing a frame with origin "http://localhost:54220". Protocols, domains, and ports must match. <br/>
Uncaught SecurityError: Blocked a frame with origin "http://localhost:20279" from accessing a frame with origin 54220. Protocols, domains, and ports must match.

我的问题是：如何让它发挥作用？

谢谢

Answer 1

响应中的Access-Control-Allow-Origin标头必须设置为HTTP请求的Origin标头中发送的确切值，*是不够的。

如何启用CORS

1 个答案: