当前位置：文江博客话题详情

cross-domain wcf-web-api

Access-Control-Allow-Origin 不允许 WCF Web API RESTful

发布于 2024-11-15 06:24:24 字数 836 浏览 4 评论 0 原文

看来我有跨域访问问题。我看到一些解决方案表明添加“Access-Control-Allow-Origin: *”，但我不知道在哪里可以做到这一点。

我需要创建一些处理程序吗？

我正在使用 WCF Web API。

错误：XMLHttpRequest 无法加载 http://localhost:8081/Song/0。 Access-Control-Allow-Origin 不允许来源 http://localhost:8080。

编辑

我注意到只有当 HTTP 方法为 PUT 或 DELETE 时才会发生这种情况。我可以使用 GET 或 POST 成功发出请求。

我正在使用 jquery 发出请求。

$.ajax({
        url: Settings.RESTfulEndPointFor('Song/' + songID),
        type: 'DELETE',
        success: function (response) {
            callback(response);
        }
    });

我不知道为什么，但这似乎导致方法选项带有 Access-Control-Request-Method: DELETE。

有谁知道造成这种情况的原因是什么？

任何帮助表示赞赏。

原文

Seems like I have a cross domain access problem.
I've seen some solutions that are indicating to add "Access-Control-Allow-Origin: *", but I don't know where I can do this.

Do I need to create some handler?

I'm using WCF Web API.

Error: XMLHttpRequest cannot load http://localhost:8081/Song/0. Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.

EDIT

I've noticed that this is only happens when HTTP method is PUT or DELETE.
I can successfully make requests with GET or POST.

I'm making the request using jquery.

$.ajax({
        url: Settings.RESTfulEndPointFor('Song/' + songID),
        type: 'DELETE',
        success: function (response) {
            callback(response);
        }
    });

I don't know why, but it seems like this is resulting in method OPTIONS with Access-Control-Request-Method: DELETE.

Does any one know what causing this?

Any help is appreciated.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

枕头说它不想醒 2024-11-22 06:24:24

我在通过 AJAX 调用连接到 WCF RESTful 服务时遇到了这个问题

我的 javascript 是这样的：

var GetData= function(){

    var data;
    $.ajax({
        url:  this.server + "/data",
        async: false,
        type: "GET",
        success: function (success) {
            data = success;
        }
    });
    return data;

};

我的服务端点是用此代码打开的

ServiceHost host = new ServiceHost(new MyService());
host.Open();

所有重要数据都存储在 App.config 文件中，我不必为此更改该文件使固定。

我知道在发送响应消息之前我必须在某处添加标头。

经过一番搜索和黑客攻击后，我发现了 ServiceHost 对象的 Authorization 属性。 Authorization 属性是 ServiceAuthorizationBehavior 类的实例，该类的对象有一个名为 ServiceAuthorizationManager 的属性，该属性是 ServiceAuthorizationManager 类的实例。

通过创建一个继承自 ServiceAuthorizationManager 的新类并将其设置为 ServiceHost 实例的授权行为的 ServiceAuthorizationManager 属性，您可以拦截对服务的所有调用。

这就是我实现我的类的方式

public class MyServiceAuthorizationManager : ServiceAuthorizationManager
{
protected override bool CheckAccessCore(OperationContext operationContext)
{

    HttpResponseMessageProperty prop = new HttpResponseMessageProperty();
    prop.Headers.Add("Access-Control-Allow-Origin", "*");
    operationContext.OutgoingMessageProperties.Add(HttpResponseMessageProperty.Name, prop);

    return true;
}
}

，然后在声明我的 ServiceHost 对象之后（在打开主机之前）我添加此行在

host.Authorization.ServiceAuthorizationManager = new MyServiceAuthorizationManager();

执行此操作、重建并运行我的服务后，错误消息停止显示。万岁！

最后，我阅读了一篇文章，其中描述了 ServiceHost 类是为 SOAP/WSDL 服务而不是 RESTful 服务设计的。对于 RESTful 服务，应使用 WebServiceHost 对象。

因此

ServiceHost host = new ServiceHost(new MyService());
host.Open();

，

WebServiceHost host = new WebServiceHost(new MyService());
host.Open();

您必须添加对以下程序集的引用：

System.ServiceModel.Web

希望这会有所帮助。

来源：

I had this problem when connecting to a WCF RESTful service via AJAX calls

My javascript was this:

var GetData= function(){

    var data;
    $.ajax({
        url:  this.server + "/data",
        async: false,
        type: "GET",
        success: function (success) {
            data = success;
        }
    });
    return data;

};

My service endpoint was opened with this code

ServiceHost host = new ServiceHost(new MyService());
host.Open();

All the important data is stored in the App.config file, I did not have to change that file for this fix.

I knew I had to add the headers somewhere before the response message was sent.

After some searching and hacking I found the Authorization property of a ServiceHost object. The Authorization property is an instance of the ServiceAuthorizationBehavior class whose objects have a property called ServiceAuthorizationManager which is an instance of the ServiceAuthorizationManager class.

By creating a new class that inherits from the ServiceAuthorizationManager and setting it to the ServiceAuthorizationManager property of the Authorization behavior of your ServiceHost instance, you can intercept all calls to your service.

This is how I have implemented my class

public class MyServiceAuthorizationManager : ServiceAuthorizationManager
{
protected override bool CheckAccessCore(OperationContext operationContext)
{

    HttpResponseMessageProperty prop = new HttpResponseMessageProperty();
    prop.Headers.Add("Access-Control-Allow-Origin", "*");
    operationContext.OutgoingMessageProperties.Add(HttpResponseMessageProperty.Name, prop);

    return true;
}
}

then right after I declare my ServiceHost object (before the host is opened) I add this line

host.Authorization.ServiceAuthorizationManager = new MyServiceAuthorizationManager();

After doing this, rebuilding, and running my service the error message stopped showing up. Hooray!

Lastly, I read an article that described the ServiceHost class was designed for SOAP/WSDL services not RESTful services. For RESTful services the WebServiceHost object should be used.

ServiceHost host = new ServiceHost(new MyService());
host.Open();

becomes

WebServiceHost host = new WebServiceHost(new MyService());
host.Open();

You must add references to the following assemblies:

System.ServiceModel.Web

Hope this helps.

Sources:

回复收藏 0 原文

も让我眼熟你 2024-11-22 06:24:24

通常你把它放在响应头中。因此，将其放在您修改/插入其他标头值的标头中，就像这样

header('Access-Control-Allow-Origin: *) //change it according to however header is  set in wcf , since this is php syntax

，您的响应应该具有此标头。

Normally you put this in header of response. So put it in header where you modify/insert other header values like this

header('Access-Control-Allow-Origin: *) //change it according to however header is  set in wcf , since this is php syntax

Point is your response should have this header.

回复收藏 0 原文

可爱咩 2024-11-22 06:24:24

您看到的带有 OPTIONS 方法和 Access-Control-Request-Method: DELETE 标头的请求称为“预检请求”。 CORS 规范要求使用具有副作用（如 DELETE）的方法的请求这样做，以确保资源可以满足该请求。

查看规范的这一部分>>
http://www.w3.org/TR/cors/ #cross-origin-request-with-preflight0

不幸的是，我不知道如何使这种类型的请求与 wcf web api 一起工作。

回复收藏 0 原文

扬花落满肩 2024-11-22 06:24:24

我已经创建

AllowCrossDomainRequestHandler : DelegatingChannel

并为每个响应注册此标头：

response.Headers.Add("Access-Control-Allow-Origin", "*");

I have created

AllowCrossDomainRequestHandler : DelegatingChannel

and for each response I'm registering this header:

response.Headers.Add("Access-Control-Allow-Origin", "*");

回复收藏 0 原文

玩心态 2024-11-22 06:24:24

我使用以下响应标头使其正常工作：

res.writeHead(200, {
        'Content-Type': 'text/plain',
        'Access-Control-Allow-Methods': 'DELETE, POST, GET, OPTIONS',
        'Access-Control-Allow-Origin': '*'
    });

I got this to work using the following response headers:

res.writeHead(200, {
        'Content-Type': 'text/plain',
        'Access-Control-Allow-Methods': 'DELETE, POST, GET, OPTIONS',
        'Access-Control-Allow-Origin': '*'
    });

回复收藏 0 原文

倾听心声的旋律 2024-11-22 06:24:24

首先，对于大多数网络浏览器来说，没有办法真正绕过跨域限制。大多数甚至不允许您更改“accept”标头。所以你必须使用JSONP。 JSONP 是一种从跨域服务获取 JSON 数据的方法，但它以 javascript 片段的形式返回 - 这是允许的。它的工作方式是，您向服务提供回调函数名称，然后跨域服务返回一个简单的 javascript，其中嵌入实际的 JSON 值作为回调函数的参数。现在使用 WCF WebApi（预览版 6）可以很轻松地做到这一点。使用 NuGet 将其安装在 VS 2010 中。安装完成后，请查看此处了解更多信息。