Asp.net 4.5 CORS 问题
Asp.net 4.5 CORS Issues
我有一个 ASP.Net 4.5 应用程序,多个客户正在使用它。该应用程序在 iframe 中打开。目前,应用程序在 chrome 上运行良好,但 IE 对服务器的所有 ajax 请求都给出了 500 错误消息。在我们对 CORS 进行一些更改之前,我们过去常常在 chrome 中收到相同的错误消息。
以下是对 APP 所做的更改。
URL 重写:
<rewrite>
<outboundRules>
<clear />
<rule name="Add SameSite" preCondition="No SameSite">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; SameSite=None" />
</rule>
<rule name="Add Secure" preCondition="No Secure">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; Secure" />
</rule>
<preConditions>
<preCondition name="No SameSite">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=None" negate="true" />
</preCondition>
<preCondition name="No Secure">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; Secure" negate="true" />
</preCondition>
</preConditions>
</outboundRules>
<rules>
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="Off" />
<add input="{REQUEST_METHOD}" pattern="^get$|^head$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
这已添加到 AppSetting:
会话状态
<sessionState mode="SQLServer" cookieSameSite="None" allowCustomSqlDatabase="true" ...>
试试这个:
<system.webServer>
<httpProtocol>
<!-- THESE HEADERS ARE IMPORTANT TO WORK WITH CORS -->
<customHeaders>
<add name="Access-Control-Allow-Origin" value="https://yourwebsite.com/error/500" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Content-Type, accept, origin, X-Requested-With, Authorization, name" />
</customHeaders>
</httpProtocol>
</system.webServer>
我有一个 ASP.Net 4.5 应用程序,多个客户正在使用它。该应用程序在 iframe 中打开。目前,应用程序在 chrome 上运行良好,但 IE 对服务器的所有 ajax 请求都给出了 500 错误消息。在我们对 CORS 进行一些更改之前,我们过去常常在 chrome 中收到相同的错误消息。 以下是对 APP 所做的更改。 URL 重写:
<rewrite>
<outboundRules>
<clear />
<rule name="Add SameSite" preCondition="No SameSite">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; SameSite=None" />
</rule>
<rule name="Add Secure" preCondition="No Secure">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; Secure" />
</rule>
<preConditions>
<preCondition name="No SameSite">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=None" negate="true" />
</preCondition>
<preCondition name="No Secure">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; Secure" negate="true" />
</preCondition>
</preConditions>
</outboundRules>
<rules>
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="Off" />
<add input="{REQUEST_METHOD}" pattern="^get$|^head$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
这已添加到 AppSetting:
会话状态
<sessionState mode="SQLServer" cookieSameSite="None" allowCustomSqlDatabase="true" ...>
试试这个:
<system.webServer>
<httpProtocol>
<!-- THESE HEADERS ARE IMPORTANT TO WORK WITH CORS -->
<customHeaders>
<add name="Access-Control-Allow-Origin" value="https://yourwebsite.com/error/500" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Content-Type, accept, origin, X-Requested-With, Authorization, name" />
</customHeaders>
</httpProtocol>
</system.webServer>