问题
I am getting the following error when trying to make a CORS request to my MVC app.
XMLHttpRequest cannot load http://www.ASite.com/gallery/cors/0. Request header field Cache-Control is not allowed by Access-Control-Allow-Headers. 11576?EventId=3108:1
error: Server responded with 0 code.
I have added the following custom headers to my web.config which I thought was supposed to allow CORS requests. Can someone please help.
<httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="*" /> <add name="Access-Control-Allow-Headers" value="*" /> <add name="Access-Control-Allow-Methods" value="GET, POST, PUT" /> </customHeaders> </httpProtocol>
回答1:
Matthew's answer glances off the main issue. You cannot use * in Access-Control-Allow-Headers per the specification. You have to specify the exact headers you want to allow.
If there are a lot of headers which change, you may want to look into a server side script to read the Access-Control-Request-Headers HTTP request header, then add the correct headers to the Access-Control-Allow-Headers response.
回答2:
Your web.config is specifying to allow all headers. You should specify only what you need:
<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
来源:https://stackoverflow.com/questions/24245831/cors-not-working-in-my-mvc-app-getting-header-error-despite-settings-web-config