更新时间:2023-02-15 19:52:30
One thing you can try is to set the header using the URL Rewrite Module, by adding the following to your Web.config
or ApplicationHost.config
file in %SystemDrive%\inetpub\wwwroot\
.
<configuration>
<system.webServer>
<rewrite>
<outboundRules>
<rule name="Make Access-Control-Allow-Origin echo Origin">
<match serverVariable="RESPONSE_Access-Control-Allow-Origin"
pattern=".+" negate="true" />
<action type="Rewrite" value="{HTTP_ORIGIN}" />
</rule>
</outboundRules>
</rewrite>
</system.webServer>
</configuration>
If the above doesn’t work, then you can try the version in the answer over at CORS in IIS issue with credentials and wildcard in Access-Control-Allow-Origin.
另一种尝试的方法是中的global.asax
或其他服务代码,添加类似:
Another approach to try is, in the global.asax
or other code for your service, add something like:
if (ValidateRequest()) {
Response.Headers.Remove("Access-Control-Allow-Origin");
Response.AddHeader("Access-Control-Allow-Origin", Request.Headers["origin"]);
Response.Headers.Remove("Access-Control-Allow-Credentials");
Response.AddHeader("Access-Control-Allow-Credentials", "true");
Response.Headers.Remove("Access-Control-Allow-Methods");
Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
}
...其中最重要的部分是这样:
...the most important part of that being this:
Response.AddHeader("Access-Control-Allow-Origin", Request.Headers["origin"]);
在任何一种情况下,最终结果都应该是您的后端采用 Origin
请求标头的值,并将其作为 Access-Control-Allow-Origin 的值回显.code>响应标头.
In either case the end effect should be that your backend takes the value of the Origin
request header and echoes it back as the value of the Access-Control-Allow-Origin
response header.