部署时某些路由中不存在 "Access-Control-Allow-Origin" header
No "Access-Control-Allow-Origin" header is present in certain routes at deployment
我用 Angular x.x 构建了一个前端,它获取现有 ASP.NET Web API 1.x-Application.
身份验证以及与后端的通信存在一些问题,因此我在客户端实现了以下拦截器:
Angular-Interceptor 凭据:
@Injectable()
export class CredentialsInterceptor implements HttpInterceptor {
intercept(req: HttpRequest<any>, next: HttpHandler):
Observable<HttpEvent<any>> {
req = req.clone({
withCredentials: true
});
return next.handle(req);
}
}
为了处理现有的 CORS-Conflicts 我修改了 Global.asax 如下:
protected void Application_BeginRequest(object sender, EventArgs e)
{
string httpOrigin = HttpContext.Current.Request.Params["HTTP_ORIGIN"] ?? HttpContext.Current.Request.Params["ORIGIN"] ?? "*";
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", httpOrigin);
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Token, withCredentials");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Credentials", "true");
if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
{
HttpContext.Current.Response.StatusCode = 200;
var httpApplication = sender as HttpApplication;
httpApplication.CompleteRequest();
}
}
还有 web.config 这样的:
<system.web>
<authentication mode="Windows" />
<authorization>
<allow verbs="OPTIONS" users="*"/>
<deny users="?"/>
</authorization>
</system.web>
<system.webServer>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
在我的本地计算机上,可以在 localhost:80(使用 IIS Express)访问后端,而我在 192.168.xxx.xx:80 上通过 IIS 10 托管了我的 Angular 应用程序。
在这个环境中,一切都运行良好,我没有遇到任何问题。
Test-Environment 是一台装有 Windows Server 2008 R2 和 IIS 7.5 的服务器。对于 Deep-Link-Usage URL-Rewriter 安装了 2
构建后端和前端并部署到上述环境后,除了一个大缺陷外,应用程序按预期工作。
IIS中的Backend-Address为*:80、*:8080等
IIS中的Frontend-Address是Server-IP:80
虽然某些路线按预期工作,但在 local-setup 中工作的其他一些路线正在产生以下 CORS-Issue:
Access to XMLHttpRequest at *route* from origin *origin* has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No "Access-Control-Allow-Origin" header is present on the requested source.
到目前为止,我找不到工作的控制器和不工作的控制器之间的任何区别。
有人知道这里发生了什么吗?
一件小事,影响这么大。
我忘记将 <remove name="OPTIONSVerbHandler" /> 添加到 web.config 处理程序。
现在一切正常!希望它能帮助别人。
我用 Angular x.x 构建了一个前端,它获取现有 ASP.NET Web API 1.x-Application.
身份验证以及与后端的通信存在一些问题,因此我在客户端实现了以下拦截器:
Angular-Interceptor 凭据:
@Injectable()
export class CredentialsInterceptor implements HttpInterceptor {
intercept(req: HttpRequest<any>, next: HttpHandler):
Observable<HttpEvent<any>> {
req = req.clone({
withCredentials: true
});
return next.handle(req);
}
}
为了处理现有的 CORS-Conflicts 我修改了 Global.asax 如下:
protected void Application_BeginRequest(object sender, EventArgs e)
{
string httpOrigin = HttpContext.Current.Request.Params["HTTP_ORIGIN"] ?? HttpContext.Current.Request.Params["ORIGIN"] ?? "*";
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", httpOrigin);
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Token, withCredentials");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Credentials", "true");
if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
{
HttpContext.Current.Response.StatusCode = 200;
var httpApplication = sender as HttpApplication;
httpApplication.CompleteRequest();
}
}
还有 web.config 这样的:
<system.web>
<authentication mode="Windows" />
<authorization>
<allow verbs="OPTIONS" users="*"/>
<deny users="?"/>
</authorization>
</system.web>
<system.webServer>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
在我的本地计算机上,可以在 localhost:80(使用 IIS Express)访问后端,而我在 192.168.xxx.xx:80 上通过 IIS 10 托管了我的 Angular 应用程序。
在这个环境中,一切都运行良好,我没有遇到任何问题。
Test-Environment 是一台装有 Windows Server 2008 R2 和 IIS 7.5 的服务器。对于 Deep-Link-Usage URL-Rewriter 安装了 2
构建后端和前端并部署到上述环境后,除了一个大缺陷外,应用程序按预期工作。
IIS中的Backend-Address为*:80、*:8080等
IIS中的Frontend-Address是Server-IP:80
虽然某些路线按预期工作,但在 local-setup 中工作的其他一些路线正在产生以下 CORS-Issue:
Access to XMLHttpRequest at *route* from origin *origin* has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No "Access-Control-Allow-Origin" header is present on the requested source.
到目前为止,我找不到工作的控制器和不工作的控制器之间的任何区别。
有人知道这里发生了什么吗?
一件小事,影响这么大。
我忘记将 <remove name="OPTIONSVerbHandler" /> 添加到 web.config 处理程序。
现在一切正常!希望它能帮助别人。