Azure 网站上的 iisnode 和 cors
iisnode and cors on azure websites
我有一个 nodejs/expressjs Web API 项目设置,当我使用 curl 对其进行测试时,它工作得非常好。
这是本地调用的输出:
dc-designer-client git:(master) curl -H "Origin: http://example.com" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With" -X OPTIONS --verbose http://0.0.0.0:3000/api/grid
* Hostname was NOT found in DNS cache
* Trying 0.0.0.0...
* Connected to 0.0.0.0 (127.0.0.1) port 3000 (#0)
> OPTIONS /api/grid HTTP/1.1
> User-Agent: curl/7.37.1
> Host: 0.0.0.0:3000
> Accept: */*
> Origin: http://example.com
> Access-Control-Request-Method: GET
> Access-Control-Request-Headers: X-Requested-With
>
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
< Access-Control-Allow-Headers: Content-Type, Authorization, Content-Length, X-Requested-With, *
< Content-Type: text/plain; charset=utf-8
< Content-Length: 2
< ETag: W/"2-4KoCHiHd29bYzs7HHpz1ZA"
< Date: Mon, 06 Jul 2015 01:24:01 GMT
< Connection: keep-alive
<
* Connection #0 to host 0.0.0.0 left intact
然而,当我部署到 azure 并尝试执行相同的 curl 语句时,它会给我以下信息:
dc-designer-server git:(master) curl -H "Origin: http://example.com" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With" -X OPTIONS --verbose http://dc-server.azurewebsites.net/api/grid
* Hostname was NOT found in DNS cache
* Trying 23.96.124.25...
* Connected to dc-server.azurewebsites.net (127.0.0.1) port 80 (#0)
> OPTIONS /api/grid HTTP/1.1
> User-Agent: curl/7.37.1
> Host: dc-server.azurewebsites.net
> Accept: */*
> Origin: http://example.com
> Access-Control-Request-Method: GET
> Access-Control-Request-Headers: X-Requested-With
>
* Empty reply from server
* Connection #0 to host dc-server.azurewebsites.net left intact
curl: (52) Empty reply from server
我确定这与 iisnode 和 iis on azure 有关。我不知道的是如何配置 Azure 网站以允许 OPTIONS 预检检查传递给 nodejs。
我的 server.js 代码正在使用 cors npm 包。当我配置 nodejs 和 express 时,此代码在本地工作,但似乎 Azure 上的 IIS 正在阻止或导致我的代码出现问题。
是否有人使用 iisnode 配置 Azure 网站以允许 CORS 调用?
有样本here that sets up both a front end and back end site, and is set up with CORS. Specifically, this file有逻辑。
也就是说,这是一个 .NET 示例。所以它表明它可以在一般的Azure Web Apps上工作,但我不确定是否有与IISNode相关的特殊注意事项。
我在 Azure 网站上使用 nodejs。我已经安装了 cors 包并启用了来自所有域的请求。 Azure 仍在阻止 CORS 请求。
我更改了 web.config(每个站点都有一个,如果一个不是部署的一部分,则会创建一个)。根据这个计算器 post:
下面是我的完整 web.config - 有特定于我的站点的设置,因此复制和粘贴它不起作用。
<?xml version="1.0" encoding="utf-8"?>
<!--
This configuration file is required if iisnode is used to run node processes behind
IIS or IIS Express. For more information, visit:
https://github.com/tjanczuk/iisnode/blob/master/src/samples/configuration/web.config
-->
<configuration>
<system.webServer>
<!-- Visit http://blogs.msdn.com/b/windowsazure/archive/2013/11/14/introduction-to-websockets-on-windows-azure-web-sites.aspx for more information on WebSocket support -->
<webSocket enabled="false" />
<handlers>
<!-- Indicates that the server.js file is a node.js site to be handled by the iisnode module -->
<add name="iisnode" path="transpiled/www.js" verb="*" modules="iisnode"/>
</handlers>
<rewrite>
<rules>
<!-- Do not interfere with requests for node-inspector debugging -->
<rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^transpiled/www.js\/debug[\/]?" />
</rule>
<!-- First we consider whether the incoming URL matches a physical file in the /public folder -->
<rule name="StaticContent">
<action type="Rewrite" url="public{REQUEST_URI}"/>
</rule>
<!-- All other URLs are mapped to the node.js site entry point -->
<rule name="DynamicContent">
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="True"/>
</conditions>
<action type="Rewrite" url="transpiled/www.js"/>
</rule>
</rules>
</rewrite>
<!-- 'bin' directory has no special meaning in node.js and apps can be placed in it -->
<security>
<requestFiltering>
<hiddenSegments>
<remove segment="bin"/>
</hiddenSegments>
</requestFiltering>
</security>
<!-- Make sure error responses are left untouched -->
<httpErrors existingResponse="PassThrough" />
<!--
You can control how Node is hosted within IIS using the following options:
* watchedFiles: semi-colon separated list of files that will be watched for changes to restart the server
* node_env: will be propagated to node as NODE_ENV environment variable
* debuggingEnabled - controls whether the built-in debugger is enabled
See https://github.com/tjanczuk/iisnode/blob/master/src/samples/configuration/web.config for a full list of options
-->
<!--<iisnode watchedFiles="web.config;*.js"/>-->
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET,POST,DELETE,HEAD,PUT,OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Origin, X-Olaround-Debug-Mode, Authorization, Accept" />
<add name="Access-Control-Expose-Headers" value="X-Olaround-Debug-Mode, X-Olaround-Request-Start-Timestamp, X-Olaround-Request-End-Timestamp, X-Olaround-Request-Time, X-Olaround-Request-Method, X-Olaround-Request-Result, X-Olaround-Request-Endpoint" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
复制此部分并将其插入 结束 system.webServer 标记的正上方。
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET,POST,DELETE,HEAD,PUT,OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Origin, X-Olaround-Debug-Mode, Authorization, Accept" />
<add name="Access-Control-Expose-Headers" value="X-Olaround-Debug-Mode, X-Olaround-Request-Start-Timestamp, X-Olaround-Request-End-Timestamp, X-Olaround-Request-Time, X-Olaround-Request-Method, X-Olaround-Request-Result, X-Olaround-Request-Endpoint" />
</customHeaders>
</httpProtocol>
要获得 web.config,您必须部署然后 FTP 到实例中。您可以通过单击站点仪表板中的 "Download the publish profile" link 来执行此操作。
打开文件,是xml。
<?xml version="1.0"?>
<publishData>
<publishProfile profileName="secret - Web Deploy" publishMethod="MSDeploy" publishUrl="secret.scm.azurewebsites.net:443" msdeploySite="secret" userName="$secret" userPWD="v0ifRuLpeXf42kurCFHqXSA5uQnAdmx2c7lCHrrQPiyB6TxlXoG0dfJGFndH" destinationAppUrl="http://secret.azurewebsites.net" SQLServerDBConnectionString="" mySQLDBConnectionString="" hostingProviderForumLink="" controlPanelLink="" webSystem="WebSites">
<databases/>
</publishProfile>
<publishProfile profileName="secret - FTP" publishMethod="FTP" publishUrl="ftp://secret.ftp.azurewebsites.windows.net/site/wwwroot" ftpPassiveMode="True" userName="secret$secret" userPWD="secret2c7lCHrrQPiyB6TxlXosecret" destinationAppUrl="http://secret.azurewebsites.net" SQLServerDBConnectionString="" mySQLDBConnectionString="" hostingProviderForumLink="" controlPanelLink="" webSystem="WebSites">
<databases/>
</publishProfile>
</publishData>
在 FTP 的 publishProfile 元素中,您可以找到 url、用户名和密码。数值要完整使用,否则无效。
获得 web.config 后,进行更改并将其上传回站点。看看是否有效。它对我有用。
要使其继续工作,您需要将 web.config 添加到项目(或站点)的根目录中。否则 Azure 会在每次部署时把它吹走。
事实证明,您不需要修改 Azure IISNode 的默认 web.config 来处理 CORS 请求。
在我的 server.js NodeJS 代码中,我使用标准的 CORS npm 包。为了让我的 CORS 请求跨浏览器工作,我必须更改的是将我的请求的协议从 "HTTP" 更改为 "HTTPS"。
进行此更改后,我可以使用任何浏览器并使用 curl 测试我的 WebAPI。
我有一个 nodejs/expressjs Web API 项目设置,当我使用 curl 对其进行测试时,它工作得非常好。
这是本地调用的输出:
dc-designer-client git:(master) curl -H "Origin: http://example.com" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With" -X OPTIONS --verbose http://0.0.0.0:3000/api/grid
* Hostname was NOT found in DNS cache
* Trying 0.0.0.0...
* Connected to 0.0.0.0 (127.0.0.1) port 3000 (#0)
> OPTIONS /api/grid HTTP/1.1
> User-Agent: curl/7.37.1
> Host: 0.0.0.0:3000
> Accept: */*
> Origin: http://example.com
> Access-Control-Request-Method: GET
> Access-Control-Request-Headers: X-Requested-With
>
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
< Access-Control-Allow-Headers: Content-Type, Authorization, Content-Length, X-Requested-With, *
< Content-Type: text/plain; charset=utf-8
< Content-Length: 2
< ETag: W/"2-4KoCHiHd29bYzs7HHpz1ZA"
< Date: Mon, 06 Jul 2015 01:24:01 GMT
< Connection: keep-alive
<
* Connection #0 to host 0.0.0.0 left intact
然而,当我部署到 azure 并尝试执行相同的 curl 语句时,它会给我以下信息:
dc-designer-server git:(master) curl -H "Origin: http://example.com" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With" -X OPTIONS --verbose http://dc-server.azurewebsites.net/api/grid
* Hostname was NOT found in DNS cache
* Trying 23.96.124.25...
* Connected to dc-server.azurewebsites.net (127.0.0.1) port 80 (#0)
> OPTIONS /api/grid HTTP/1.1
> User-Agent: curl/7.37.1
> Host: dc-server.azurewebsites.net
> Accept: */*
> Origin: http://example.com
> Access-Control-Request-Method: GET
> Access-Control-Request-Headers: X-Requested-With
>
* Empty reply from server
* Connection #0 to host dc-server.azurewebsites.net left intact
curl: (52) Empty reply from server
我确定这与 iisnode 和 iis on azure 有关。我不知道的是如何配置 Azure 网站以允许 OPTIONS 预检检查传递给 nodejs。
我的 server.js 代码正在使用 cors npm 包。当我配置 nodejs 和 express 时,此代码在本地工作,但似乎 Azure 上的 IIS 正在阻止或导致我的代码出现问题。
是否有人使用 iisnode 配置 Azure 网站以允许 CORS 调用?
有样本here that sets up both a front end and back end site, and is set up with CORS. Specifically, this file有逻辑。
也就是说,这是一个 .NET 示例。所以它表明它可以在一般的Azure Web Apps上工作,但我不确定是否有与IISNode相关的特殊注意事项。
我在 Azure 网站上使用 nodejs。我已经安装了 cors 包并启用了来自所有域的请求。 Azure 仍在阻止 CORS 请求。
我更改了 web.config(每个站点都有一个,如果一个不是部署的一部分,则会创建一个)。根据这个计算器 post:
下面是我的完整 web.config - 有特定于我的站点的设置,因此复制和粘贴它不起作用。
<?xml version="1.0" encoding="utf-8"?>
<!--
This configuration file is required if iisnode is used to run node processes behind
IIS or IIS Express. For more information, visit:
https://github.com/tjanczuk/iisnode/blob/master/src/samples/configuration/web.config
-->
<configuration>
<system.webServer>
<!-- Visit http://blogs.msdn.com/b/windowsazure/archive/2013/11/14/introduction-to-websockets-on-windows-azure-web-sites.aspx for more information on WebSocket support -->
<webSocket enabled="false" />
<handlers>
<!-- Indicates that the server.js file is a node.js site to be handled by the iisnode module -->
<add name="iisnode" path="transpiled/www.js" verb="*" modules="iisnode"/>
</handlers>
<rewrite>
<rules>
<!-- Do not interfere with requests for node-inspector debugging -->
<rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^transpiled/www.js\/debug[\/]?" />
</rule>
<!-- First we consider whether the incoming URL matches a physical file in the /public folder -->
<rule name="StaticContent">
<action type="Rewrite" url="public{REQUEST_URI}"/>
</rule>
<!-- All other URLs are mapped to the node.js site entry point -->
<rule name="DynamicContent">
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="True"/>
</conditions>
<action type="Rewrite" url="transpiled/www.js"/>
</rule>
</rules>
</rewrite>
<!-- 'bin' directory has no special meaning in node.js and apps can be placed in it -->
<security>
<requestFiltering>
<hiddenSegments>
<remove segment="bin"/>
</hiddenSegments>
</requestFiltering>
</security>
<!-- Make sure error responses are left untouched -->
<httpErrors existingResponse="PassThrough" />
<!--
You can control how Node is hosted within IIS using the following options:
* watchedFiles: semi-colon separated list of files that will be watched for changes to restart the server
* node_env: will be propagated to node as NODE_ENV environment variable
* debuggingEnabled - controls whether the built-in debugger is enabled
See https://github.com/tjanczuk/iisnode/blob/master/src/samples/configuration/web.config for a full list of options
-->
<!--<iisnode watchedFiles="web.config;*.js"/>-->
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET,POST,DELETE,HEAD,PUT,OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Origin, X-Olaround-Debug-Mode, Authorization, Accept" />
<add name="Access-Control-Expose-Headers" value="X-Olaround-Debug-Mode, X-Olaround-Request-Start-Timestamp, X-Olaround-Request-End-Timestamp, X-Olaround-Request-Time, X-Olaround-Request-Method, X-Olaround-Request-Result, X-Olaround-Request-Endpoint" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
复制此部分并将其插入 结束 system.webServer 标记的正上方。
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET,POST,DELETE,HEAD,PUT,OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Origin, X-Olaround-Debug-Mode, Authorization, Accept" />
<add name="Access-Control-Expose-Headers" value="X-Olaround-Debug-Mode, X-Olaround-Request-Start-Timestamp, X-Olaround-Request-End-Timestamp, X-Olaround-Request-Time, X-Olaround-Request-Method, X-Olaround-Request-Result, X-Olaround-Request-Endpoint" />
</customHeaders>
</httpProtocol>
要获得 web.config,您必须部署然后 FTP 到实例中。您可以通过单击站点仪表板中的 "Download the publish profile" link 来执行此操作。
打开文件,是xml。
<?xml version="1.0"?>
<publishData>
<publishProfile profileName="secret - Web Deploy" publishMethod="MSDeploy" publishUrl="secret.scm.azurewebsites.net:443" msdeploySite="secret" userName="$secret" userPWD="v0ifRuLpeXf42kurCFHqXSA5uQnAdmx2c7lCHrrQPiyB6TxlXoG0dfJGFndH" destinationAppUrl="http://secret.azurewebsites.net" SQLServerDBConnectionString="" mySQLDBConnectionString="" hostingProviderForumLink="" controlPanelLink="" webSystem="WebSites">
<databases/>
</publishProfile>
<publishProfile profileName="secret - FTP" publishMethod="FTP" publishUrl="ftp://secret.ftp.azurewebsites.windows.net/site/wwwroot" ftpPassiveMode="True" userName="secret$secret" userPWD="secret2c7lCHrrQPiyB6TxlXosecret" destinationAppUrl="http://secret.azurewebsites.net" SQLServerDBConnectionString="" mySQLDBConnectionString="" hostingProviderForumLink="" controlPanelLink="" webSystem="WebSites">
<databases/>
</publishProfile>
</publishData>
在 FTP 的 publishProfile 元素中,您可以找到 url、用户名和密码。数值要完整使用,否则无效。
获得 web.config 后,进行更改并将其上传回站点。看看是否有效。它对我有用。
要使其继续工作,您需要将 web.config 添加到项目(或站点)的根目录中。否则 Azure 会在每次部署时把它吹走。
事实证明,您不需要修改 Azure IISNode 的默认 web.config 来处理 CORS 请求。
在我的 server.js NodeJS 代码中,我使用标准的 CORS npm 包。为了让我的 CORS 请求跨浏览器工作,我必须更改的是将我的请求的协议从 "HTTP" 更改为 "HTTPS"。
进行此更改后,我可以使用任何浏览器并使用 curl 测试我的 WebAPI。