发表新帖
发表新帖

CORS with WebAPI for XmlHttpRequest

前端 未结
关注
5 810
不知归路
不知归路 2020-12-14 04:45

Just wanted to know what is the best elegant way (currently available) to handle CORS (Cross-Origin Resource Sharing) in ASP.NET WebAPI so i can use XmlHtt

相关标签:
5条回答
  • Happy的楠姐
    2020-12-14 05:18

    There is now CORS support in the nightly of web api

    http://blogs.msdn.com/b/yaohuang1/archive/2013/04/05/try-out-asp.net-web-api-cors-support-using-the-nightly-builds.aspx

    Use nuget to:

    • Uninstall the Microsoft.AspNet.Mvc.FixedDisplayModes package.
    • Install Microsoft.AspNet.WebApi.Cors package from the nightly builds

    Then fix the bindings in the web.config Then enable CORS 

    config.EnableCors(new EnableCorsAttribute())

    Read more about it on this wiki https://aspnetwebstack.codeplex.com/wikipage?title=CORS%20support%20for%20ASP.NET%20Web%20API&referringTitle=Specs

    Edit 19-04-2013 Scott Guthrie has blogged about it: http://weblogs.asp.net/scottgu/archive/2013/04/19/asp-net-web-api-cors-support-and-attribute-based-routing-improvements.aspx

    0 讨论(0)
  • 臣服心动
    2020-12-14 05:21

    Add below in web.cofig file(inside the system.webserver element). 

    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Headers" value="accept, maxdataserviceversion, origin, x-requested-with, dataserviceversion" />
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Max-Age" value="1728000" />
      </customHeaders>
    </httpProtocol>

    and add below code in global.aspx.cs file

        protected void Application_BeginRequest(object sender, EventArgs e)
    {
        if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS")
        {
            Response.StatusCode = 200;
            Response.End();
        }
    }
    0 讨论(0)
  • 后悔当初
    2020-12-14 05:39

    Carlos Figueira has a nice series of posts about CORS and ASP.NET Web API:

    • Implementing CORS support in ASP.NET Web APIs
    • Implementing CORS support in ASP.NET Web APIs – Take 2
    • CORS support in ASP.NET Web API – RC version

    Personally I'm a big fan of Take 2 approach because EnableCors attribute can be easly extended to give you control over allowed origins.

    0 讨论(0)
  • 后悔当初
    2020-12-14 05:41

    It depends how fine-grained you want to control CORS. If you want to allow any domain for instance you can add static CORS headers to all responses by configuring them in IIS. I chose this approach and wrote about it here.

    0 讨论(0)
  • 走了就别回头了
    2020-12-14 05:45

    Tpeczek have a nice found, however while doing my own research ive found something similar and also very elegant ways of handling CORS which enable you to configure your CORS in a config file in App_Start folder. Its all handled using an open source library called Thinkecture. See details here :

    http://brockallen.com/2012/06/28/cors-support-in-webapi-mvc-and-iis-with-thinktecture-identitymodel/

    It have many advantages.. you can configure origins, methods (GET, POST, etc.), access to specifics controllers and actions and it also keep your controllers clean from any attributes.

    WebAPI, IIS and ASP.NET MVC is supported !

    0 讨论(0)
 看不清?
提交回复
热议问题