After upgrading to ASP.NET 5.2.3, CORS does not work for the "*" origin

Updated: 2023-02-15 19:52:30

One thing you can try is to set the header using the URL Rewrite Module, by adding the following to your Web.config or ApplicationHost.config file in %SystemDrive%\inetpub\wwwroot\.

<configuration> 
    <system.webServer> 
        <rewrite> 
            <outboundRules> 
                <rule name="Make Access-Control-Allow-Origin echo Origin"> 
                    <match serverVariable="RESPONSE_Access-Control-Allow-Origin"
                           pattern=".+" negate="true" /> 
                    <action type="Rewrite" value="{HTTP_ORIGIN}" /> 
                </rule> 
            </outboundRules> 
        </rewrite> 
    </system.webServer> 
</configuration>

If the above doesn’t work, then you can try the version in the answer over at CORS in IIS issue with credentials and wildcard in Access-Control-Allow-Origin.

Another approach to try is, in the global.asax or other code for your service, add something like:

if (ValidateRequest()) {
    Response.Headers.Remove("Access-Control-Allow-Origin");
    Response.AddHeader("Access-Control-Allow-Origin", Request.Headers["origin"]);
    Response.Headers.Remove("Access-Control-Allow-Credentials");
    Response.AddHeader("Access-Control-Allow-Credentials", "true");
    Response.Headers.Remove("Access-Control-Allow-Methods");
    Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
}

...the most important part of that being this:

Response.AddHeader("Access-Control-Allow-Origin", Request.Headers["origin"]);

In either case the end effect should be that your backend takes the value of the Origin request header and echoes it back as the value of the Access-Control-Allow-Origin response header.
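
The global.asax snippet above calls ValidateRequest() without showing it, and with Access-Control-Allow-Credentials: true every origin that passes that check gets credentialed read access to the response. The following Global.asax.cs is an added example, not part of the original answer: IsAllowedOrigin and the example.com origins are assumptions standing in for ValidateRequest(), and it assumes the IIS integrated pipeline (which Response.Headers requires).

```csharp
using System;
using System.Collections.Generic;
using System.Web;

public class Global : HttpApplication
{
    // Assumed allowlist (constructed sample values); list your own front-end origins.
    private static readonly HashSet<string> AllowedOrigins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "https://app.example.com",
            "https://admin.example.com"
        };

    // Hypothetical stand-in for ValidateRequest(): exact match on scheme://host[:port],
    // never a substring, prefix or regex test. A missing or "null" Origin is rejected.
    internal static bool IsAllowedOrigin(string origin)
    {
        return !string.IsNullOrEmpty(origin) && AllowedOrigins.Contains(origin);
    }

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        string origin = Request.Headers["Origin"];

        // The response now differs per Origin, so shared caches must key on it.
        Response.AppendHeader("Vary", "Origin");

        // Unlisted origin: send no CORS headers, so the browser blocks the cross-origin read.
        if (!IsAllowedOrigin(origin)) return;

        Response.Headers.Remove("Access-Control-Allow-Origin");
        Response.AddHeader("Access-Control-Allow-Origin", origin);
        Response.Headers.Remove("Access-Control-Allow-Credentials");
        Response.AddHeader("Access-Control-Allow-Credentials", "true");

        if (Request.HttpMethod == "OPTIONS")
        {
            // Preflight: answer it here and skip the rest of the pipeline.
            Response.Headers.Remove("Access-Control-Allow-Methods");
            Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
            // Assumed request-header list; adjust to what your clients actually send.
            Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
            Response.StatusCode = 204;
            CompleteRequest();
        }
    }
}
```

The URL Rewrite rule shown earlier has no equivalent check; it echoes whatever Origin the request carries.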