如何使用MVC 5 CORS设置asp.net webofrms

时间:2019-02-15 20:09:27

标签: asp.net asp.net-mvc cors

我有一个老式的asp.net Webforms站点,不久前它已经使用了mvc。所有的mvc工作正常,所以我认为添加一个新的控制器来从jquery调用将很容易。没那么多。我通过google或在此处找到的所有内容都为我提供了.net CORE的解决方案(不是),也没有提供以下代码。但是下面的代码不起作用,我不知道该怎么办。

web.config 

   <httpProtocol>
      <customHeaders>
        <clear />
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Methods" value="GET,POST" />
        <add name="Access-Control-Allow-Headers" value="X-AspNet-Version,X-Powered-By,Date,Server,Accept,Accept-Encoding,Accept-Language,Cache-Control,Connection,Content-Length,Content-Type,Host,Origin,Pragma,Referer,User-Agent" />
      </customHeaders>
    </httpProtocol>

添加cors操作过滤条件属性

public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
        base.OnActionExecuting(filterContext);
    }
}

在控制器中使用

[AllowCrossSiteJson]
[System.Web.Http.HttpPost]
public JsonResult all(QuoteRequest request)
{
    return Json(new QuoteResponses
    {
        ExpressQuote = express(request),
        PremiumQuote = premium(request),
        CorpToCorpQuote = corptocorp(request)
    });
}

非常奇怪的是,如果我通过带有常规职位的邮递员来称呼此端点,则它可以正常工作。但是,用jquery的帖子调用它会给我cors错误... 

Access to XMLHttpRequest at 'xxxxxxxxx' from origin 'xxxxxxxx' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

我还能做什么或尝试?

编辑/更新

我最终删除了上面显示的所有代码,并将其添加到我的全局代码中。现在效果很好。

 protected void Application_BeginRequest(object sender, EventArgs e)
{
    var res = HttpContext.Current.Response;
    var req = HttpContext.Current.Request;
    res.AppendHeader("Access-Control-Allow-Origin", "*");
    res.AppendHeader("Access-Control-Allow-Credentials", "true");
    res.AppendHeader("Access-Control-Allow-Headers", "Content-Type, X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Date, X-Api-Version, X-File-Name");
    res.AppendHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS");

    // ==== Respond to the OPTIONS verb =====
    if (req.HttpMethod == "OPTIONS")
    {
        res.StatusCode = 200;
        res.End();
    }
}

0 个答案:

没有答案
相关问题
最新问题