And*_*ndy 7 c# asp.net http cors asp.net-web-api
我已按照通常的步骤在web.api中启用cors,但在Chrome和Firefox中获得了对OPTIONS请求的404响应 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.mydomain.com/api/1/widgets. This can be fixed by moving the resource to the same domain or enabling CORS.
在我的WebApiConfig.cs中,我得到了:
var enableCorsAttribute = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(enableCorsAttribute);
我也尝试将EnableCors属性添加到特定的控制器或操作,并且都具有相同的结果.
我还在web.config中添加了以下内容:
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV" />
...
这是我的javascript:
$.ajax({
url: 'https://api.mydomain.com/api/1/widgets',
type: "GET",
headers: {
Accept: "text/html; charset=utf-8",
Authorization: 'Bearer ???????????????????????????????'
}
});
但Chrome的响应为404,Firefox中的"Cross-Origin请求已被阻止".
以下是我的chrome开发人员工具栏中失败请求的详细信息:
Remote Address:??.???.???.???:443
Request URL:https://api.mydomain.com/api/1/widgets
Request Method:OPTIONS
Status Code:404 Not Found
请求
OPTIONS /api/1/widgets HTTP/1.1
Host: api.mydomain.com
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://myotherdomain.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36
Access-Control-Request-Headers: accept, authorization
Accept: */*
Referer: http://myotherdomain.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-GB,en;q=0.8,en-US;q=0.6
响应
HTTP/1.1 404 Not Found
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: http://myotherdomain.com
Access-Control-Allow-Credentials: true
X-AspNetMvc-Version: 5.0
X-UA-Compatible: IE=edge,chrome=1
X-Frame-Options: SAMEORIGIN
Cache-conrol: no-store
Date: Thu, 28 Aug 2014 16:00:28 GMT
Content-Length: 341
我错过了什么?
如果其他人有同样的问题,这个问题是由于我们在IIS 中使用微软优秀的UrlScan.
UrlScan有一个AllowVerbs部分和一个DenyVerbs部分.确保允许选项动词.
| 归档时间: |
|
| 查看次数: |
6046 次 |
| 最近记录: |