webapi处理OPTIONS请求

于 2019-05-31 17:30:00 发布
阅读量1.3k 收藏 3
点赞数 1
CC 4.0 BY-SA版权
文章标签: c# 测试 后端
原文链接:http://www.cnblogs.com/dawenyang/p/10956521.html
本文详细解析了CORS策略中的常见错误,包括'Access-Control-Allow-Origin'设置不当、'Access-Control-Allow-Credentials'缺失及预请求处理不当等问题,并提供了具体的解决方案与代码示例。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

报错1信息

 Access to XMLHttpRequest at 'http://localhost:4445/api/v/getmsg' from origin 'http://localhost:9528' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

解决方案

参考资料:https://segmentfault.com/q/1010000016765176把value值改成特定的域名。

  <system.webServer>   
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="http://localhost:9528" />
    </httpProtocol>    
  </system.webServer>

报错2信息 

Access to XMLHttpRequest at 'http://localhost:4445/api/v/getmsg' from origin 'http://localhost:9528' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

解决方案

增加一行配置文件

<add name="Access-Control-Allow-Credentials" value="true" />

 

报错3信息

Access to XMLHttpRequest at 'http://localhost:4445/api/v/getmsg' from origin 'http://localhost:9528' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

原因

浏览器请求接口时会发送两个请求,一个是预请求,相当于确认请求,第二个请求才是你要发送的真正的请求,而这个错误信息说明的是第一个OPTINOS请求失败,在服务端没有处理这个method为OPTIONS的请求,需要对它处理一下:

解决方案:

参考资料:关于Web API 2.0中的Options请求返回405的问题

                  HTTP Module

    public class SpecialMethodModule : IHttpModule
    {
        public SpecialMethodModule()
        {
        }

        public void Init(HttpApplication app)
        {
            app.BeginRequest += new EventHandler(this.BeginRequest);
        }

        public void Dispose()
        {
        }

        public void BeginRequest(object resource, EventArgs e)
        {
            HttpApplication app = resource as HttpApplication;
            HttpContext context = app.Context;
            if (context.Request.HttpMethod.ToUpper() == "OPTIONS")
            {
                context.Response.StatusCode = 200;
                context.Response.End();
            }
        }
    }

在web.config中增加module节点,参考微软官方文档,根据IIS版本不同,增加的节点方式也不同,我是IIS10.0

<configuration>
  <system.webServer>
    <modules>
      <add name="HelloWorldModule" type="HelloWorldModule"/>
    </modules>
  </system.webServer>
</configuration>

这是我遇到的问题,进行解决以及整理,有其他问题欢迎沟通。

转载于:https://www.cnblogs.com/dawenyang/p/10956521.html

aex34027
关注
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值