本文介绍了在Azure Web中启用CORS的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我想要做的是,当从我的JavaScript 调用https服务(不是我自己的)时,为.net MVC 5 Azure网站启用CORS(跨源资源共享)。



我总是遇到相同的错误

I have managed to enable this when developing locally, setting my project to https and adding the following to web.config

<system.webServer>
<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Methods" value="GET, POST, OPTIONS"/>
    <add name="Access-Control-Allow-Headers" value="Content-Type, Accept, SOAPAction"/>
    <add name="Access-Control-Max-Age" value="1728000"/>
  </customHeaders>
</httpProtocol>
</system.webServer>

That adds the 'Access-Control-Allow-Origin' header. But that does not seem to work on the Azure website.

And I can´t find any settings like in the Mobile Services where you can allow this like you see here.

Since I know you are all going to ask for code (that works locally btw) there you have the simple Jquery call to the service

$.ajax({
    url: 'https://someservice-I-have-no-control-over',
    dataType: 'json',
    contentType: 'application/json',
    type: 'GET',
    success: function (response) {
        $.each(response, function (key, value) {
          console.log("success"); //Doesn´t happen! :-(
        });
    },
    error: function (xhr, text, error) {
        if ($.isFunction(onError)) {
            onError(xhr.responseJSON);
        }
    }
});

So any thoughts?

Edit 1

Just to clarify a little.

I am calling a service that I have no control over that is a https one, in a javascript (not a controller) that is mine.

Edit 2

Ok I thought that I could intercept the response from the third party service and add this header before the browser rejects it. As I see it that is not possible (right?). But how come it works locally?

If I capture the call to this service with e.g LiveHTTPHeaders I get the following response where there is not a "Access-Control-Allow-Origin" restriction (so way does it work locally?).

Request (to https://someservice-I-have-no-control-over.com)

GET /someservice-I-have-no-control-over/SomeAction/44 HTTP/1.1
Host: someservice-I-have-no-control-over.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
If-None-Match: "53867cff-96b0-411f-88b7-d84765f9f8e8"
Cache-Control: max-age=0

Reply

HTTP/1.1 304 Not Modified
Cache-Control: max-age=900
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Date: Tue, 24 Feb 2015 11:06:53 GMT
解决方案

Not possible.

It works locally because it's the server that must have the allow headers, and when you call your own webserver from your javascript you can add those headers.

When you call the real website they do probably not add the CORS allow header (Access-Control-Allow-Origin) and your request is therefore denied.

What you could do is either to use JSONP or proxy all requests through your own website.

You could for instance use my CORS proxy: https://github.com/jgauffin/corsproxy. It's intended usage is for IE9 and below, but works just as fine for all requests.

这篇关于在Azure Web中启用CORS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-17 12:43
查看更多