404用于web.api cors选项
本文关键字:cors 选项 api web 用于 | 更新日期: 2023-09-27 18:19:42
我遵循了在web.api中启用cors的常见步骤,但在Chrome中得到了对OPTIONS请求的404响应,在Firefox中得到了Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.mydomain.com/api/1/widgets. This can be fixed by moving the resource to the same domain or enabling CORS.
在我的WebApiConfig.cs中,我有:
var enableCorsAttribute = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(enableCorsAttribute);
我还尝试将EnableCors属性添加到特定的控制器或操作中,结果都是一样的。
我还在web.config中添加了以下内容:
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule" />
</modules>
<handlers>
<remove name="WebDAV" />
...
这是我的javascript:
$.ajax({
url: 'https://api.mydomain.com/api/1/widgets',
type: "GET",
headers: {
Accept: "text/html; charset=utf-8",
Authorization: 'Bearer ???????????????????????????????'
}
});
但Chrome的回复是404,Firefox的回复是"跨源请求被阻止"。
以下是来自chrome开发人员工具栏的失败请求的详细信息:
Remote Address:??.???.???.???:443
Request URL:https://api.mydomain.com/api/1/widgets
Request Method:OPTIONS
Status Code:404 Not Found
请求
OPTIONS /api/1/widgets HTTP/1.1
Host: api.mydomain.com
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://myotherdomain.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36
Access-Control-Request-Headers: accept, authorization
Accept: */*
Referer: http://myotherdomain.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-GB,en;q=0.8,en-US;q=0.6
响应
HTTP/1.1 404 Not Found
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: http://myotherdomain.com
Access-Control-Allow-Credentials: true
X-AspNetMvc-Version: 5.0
X-UA-Compatible: IE=edge,chrome=1
X-Frame-Options: SAMEORIGIN
Cache-conrol: no-store
Date: Thu, 28 Aug 2014 16:00:28 GMT
Content-Length: 341
我错过了什么?
如果其他人也有同样的问题,这个问题是由于我们在IIS中使用了Microsoft出色的UrlScan。
UrlScan有一个AllowVerbs部分和一个DenyVerbs部分。请确保允许使用选项谓词。
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
var corsAttr = new EnableCorsAttribute("http://localhost:3000", "*", "*");
config.EnableCors(corsAttr);
config.Routes.MapHttpRoute("DefaultApiWithId", "Api/{controller}/{id}", new { id = RouteParameter.Optional }, new { id = new GuidConstraint() });
config.Routes.MapHttpRoute("DefaultApiWithAction", "Api/{controller}/{action}");
config.Routes.MapHttpRoute("DefaultApiGet", "Api/{controller}", new { action = "Get" }, new { httpMethod = new HttpMethodConstraint(HttpMethod.Get) });
config.Routes.MapHttpRoute("DefaultApiPost", "Api/{controller}", new { action = "Post" }, new { httpMethod = new HttpMethodConstraint(HttpMethod.Post) });
config.Routes.MapHttpRoute("DefaultApiOptions", "Api/{controller}", new { action = "Options" }, new { httpMethod = new HttpMethodConstraint(HttpMethod.Options) });
}
}
最后一行可以解决.Net WebApi 的问题