我有一个ASP.NET Web API 2服务。并且多个客户端(角度)应用程序与该服务对话。应用程序和服务发布在不同的子域中,如下所示:
service.mydomain.com
app1.mydomain.com
app2.mydomain.com
我使用Microsoft.AspNet.WebApi.Cors-NuGet包启用了CORS,它工作正常,除了一种情况:用户打开一个应用程序(app1.mydomain.com)。然后导航到另一个(app2.mydomain.com)。然后按下浏览器的后退按钮。以下CORS错误:
The 'Access-Control-Allow-Origin' header has a value 'http://app2.mydomain.com' that is not equal to the supplied origin.
Origin 'http://app1.mydomain.com' is therefore not allowed access
我配置了Microsoft.AspNet.WebApi.Cors-NuGet程序包,如下所示:
public static void Register(HttpConfiguration config)
{
var cors = new EnableCorsAttribute(
//to-do allow cross domains for all maarif.com sites
origins: "*", //and also tried "http://app1.mydomain.com, http://app2.mydomain.com" gives same result
headers: "*",
methods: "*") {SupportsCredentials = true};
config.EnableCors(cors);
}
我在服务器上跟踪了Origin标头值。我将以下代码放入服务“ global.asax”中:
protected void Application_BeginRequest()
{
var origin = HttpContext.Current.Request.Headers["Origin"];
if …