asp.net-mvc ASP .NET MVC5 中的 CORS
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/27218240/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
CORS in ASP .NET MVC5
提问by user4309587
I have a MVC project in which I have a couple of JSON controller methods I want to expose cross domain. Not the entire site, just these two methods.
我有一个 MVC 项目,其中有几个 JSON 控制器方法我想公开跨域。不是整个网站,只有这两种方法。
I basically want to to the exact thing stated in this post for cors:
我基本上想在这篇文章中为 cors 准确说明:
http://enable-cors.org/server_aspnet.html
http://enable-cors.org/server_aspnet.html
However, the problem is that I have a regular MVC project and not a WEB API, meaning, that I cannot follow the steps regaring the register
但是,问题是我有一个常规的 MVC 项目而不是 WEB API,这意味着我无法按照注册的步骤进行操作
public static void Register(HttpConfiguration config)
{
// New code
config.EnableCors();
}
method since it is not present in my MVC project.
方法,因为它不存在于我的 MVC 项目中。
Is there a way to use this library although it is a MVC project?
尽管它是一个 MVC 项目,但有没有办法使用这个库?
I'm aware of that I can config this through web.config using:
我知道我可以使用以下命令通过 web.config 进行配置:
<httpProtocol>
<customHeaders>
<clear />
<add name="Access-Control-Allow-Origin" value="http://www.domain.com" />
</customHeaders>
</httpProtocol>
But I don't want to expose all methods, and I want to specify more than one domain (2 domains) to have access to my methods...
但我不想公开所有方法,而且我想指定多个域(2 个域)来访问我的方法......
回答by Vsevolod Goloviznin
As described in here: Setting Access-Control-Allow-Origin in ASP.Net MVC - simplest possible method
如此处所述:在 ASP.Net MVC 中设置 Access-Control-Allow-Origin - 最简单的方法
You should just create an action filter and set the headers there. You can use this action filter on your action methods wherever you want.
您应该只创建一个操作过滤器并在那里设置标题。您可以在任何您想要的操作方法上使用此操作过滤器。
public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
base.OnActionExecuting(filterContext);
}
}
If you want to add multiple domains, you can't just set the header multiple times. In your action filter you will need to check if the requesting domain is from your list of domains and then set the header.
如果要添加多个域,则不能多次设置标题。在您的操作过滤器中,您需要检查请求域是否来自您的域列表,然后设置标头。
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var domains = new List<string> {"domain2.com", "domain1.com"};
if (domains.Contains(filterContext.RequestContext.HttpContext.Request.UrlReferrer.Host))
{
filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
}
base.OnActionExecuting(filterContext);
}
