问题
Please note that the question is specifically intended for Dynamics CRM. I'm hoping for a proprietary functionality that extends or replaces the common web development. Hence, this question isn't a duplicate, although it might seem so once one sees "CORS" and this "yet another duck asking about CORS..." (typo intended).
I'm trying to make a call to an outside word from CRM and, of course, I run into CORS issues. Now, I have very little control over the server side that the call is directed to, so I wonder if it's possible to work around it from the client somehow.
The optimal solution would be if the server developers allowed calls from different domains but there's a risk that they won't do that. What are my options then, besides writing a custom service layer that opens for CORS towards calls from CRM and speaks to the third party server?
The nag is as follows (of course, from the URL line the call performs perfectly well).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://yaba.daba.doo/list?p1=[]&p2=0&&_=1415714629958. This can be fixed by moving the resource to the same domain or enabling CORS.
回答1:
It's an old question but I solved this problem on CRM 2011 (and IIS 7.0) editing the web.config.
I have added the CORS Header to IIS response.
Add the basic headers
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Headers" value="Origin, X-HTTP-Method, X-Requested-With, Content-Type, Accept" />
<add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS,PUT,DELETE" />
<add name="Access-Control-Allow-Credentials" value="true" />
</customHeaders>
</httpProtocol>[..]
Add Rules
Install Url Rewrite and add the rules below
<rewrite>
<rules>
[..]
<!-- This rule allow the prefligh request to be authenticated, otherwise raise the 401 error, required ONLY if you use POST, for GET only is not necessary -->
<rule name="CORS Preflight Anonymous Authentication" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REQUEST_METHOD}" pattern="^OPTIONS$" />
</conditions>
<action type="CustomResponse" statusCode="200" statusReason="Preflight" statusDescription="Preflight" />
</rule>
[..]
</rules>
<outboundRules>
<clear />
<rule name="AddCORSHeaders">
<match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<!-- This add the Access-Control-Allow-Origin if the pattern match the request url -->
<add input="{HTTP_ORIGIN}" pattern="(http(s)?://((.+\.)?domain1\.lan|(.+\.)?mydomain\.com|(.+\.)?otherdomain\.com))" />
</conditions>
<action type="Rewrite" value="{C:0}" />
</rule>
</outboundRules>
</rewrite>
来源:https://stackoverflow.com/questions/26873822/how-to-enable-cors-in-dynamics-crm