Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
337 views
in Technique[技术] by (71.8m points)

c# - Enable CORS for Web API 1, .net 4.0

I need to enable CORS for my Web API and I can't upgrade to Framework 4.5 at the moment. (I know about System.Web.Http.Cors.EnableCorsAttribute.)

I've tried to add the following to my Web.config to see if it worked, but it didn't:

<system.webServer>
<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*"/>
  </customHeaders>
</httpProtocol>

I've also tried to set the Access-Control-Allow-Origin header to "*" manually by use of System.Web.Http.Filters.ActionFilterAttribute (based on this post: Add custom header to all responses in Web API) - but that didn't work out either as the request is rejected before it gets to the action filtering.

So I'm kinda stuck now.. Any help is appreciated.

Edit: Turns out

<add name="Access-Control-Allow-Origin" value="*"/>

was the answer all along, I must've done something wrong previously when I tested it. But this solution means that all actions are CORS enabled (which will do for now).

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

POST, PUT, DELETE, etc use pre-flighted CORS. The browser sends an OPTIONS request. This is because browser first, checks if serverside can handle CORS or not using OPTIONS request, if succeeds, then sends actual request PUT or POST or Delete. Since you do not have an action method that handles OPTIONS, you are getting a 405. In its most simplest form, you must implement an action method like this in your controller.

More explanation - http://www.w3.org/TR/cors/#resource-preflight-requests

http://www.html5rocks.com/en/tutorials/cors/

public HttpResponseMessage Options()
{
    var response = new HttpResponseMessage();
    response.StatusCode = HttpStatusCode.OK;
    return response;
}

Note: This this action just responds to OPTION request, so along with this you need to add necessary config to web.config, such as Access-Control-Allow-Origin = * and Access-Control-Allow-Methods = POST,PUT,DELETE.

Web API 2 has CORS support, but with Web API 1, you have to follow this path.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...