惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Secure Thoughts
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
S
Securelist
云风的 BLOG
云风的 BLOG
M
MIT News - Artificial intelligence
Engineering at Meta
Engineering at Meta
雷峰网
雷峰网
C
CERT Recently Published Vulnerability Notes
H
Hackread – Cybersecurity News, Data Breaches, AI and More
S
SegmentFault 最新的问题
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
K
Kaspersky official blog
WordPress大学
WordPress大学
I
Intezer
L
Lohrmann on Cybersecurity
V
Vulnerabilities – Threatpost
C
Check Point Blog
A
About on SuperTechFans
AWS News Blog
AWS News Blog
Latest news
Latest news
宝玉的分享
宝玉的分享
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
小众软件
小众软件
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
Cyber Attacks, Cyber Crime and Cyber Security
SecWiki News
SecWiki News
Recorded Future
Recorded Future
Last Week in AI
Last Week in AI
D
Darknet – Hacking Tools, Hacker News & Cyber Security
The Register - Security
The Register - Security
A
Arctic Wolf
V2EX - 技术
V2EX - 技术
Hacker News: Ask HN
Hacker News: Ask HN
V
V2EX
Scott Helme
Scott Helme
I
InfoQ
Project Zero
Project Zero
Security Archives - TechRepublic
Security Archives - TechRepublic
Recent Announcements
Recent Announcements
Spread Privacy
Spread Privacy
Attack and Defense Labs
Attack and Defense Labs
大猫的无限游戏
大猫的无限游戏
Webroot Blog
Webroot Blog
N
News and Events Feed by Topic
博客园 - 司徒正美
Microsoft Security Blog
Microsoft Security Blog
The GitHub Blog
The GitHub Blog
NISL@THU
NISL@THU
L
LangChain Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com

博客园 - 佛西亚

https访问 asp.net Core上传文件 .NET Framework 4.0 DLL注册GAC 使用iText 7读取PDF文件中的文本和图片 用SQL Server Profiler跟踪AX执行的SQL语句 D365升级包 Ant Design Pro V5 + Django Restful Framework Token认证前台实现 Ant Design Pro V5 + Django Restful Framework Token认证后台实现(二) Ant Design Pro V5 + Django Restful Framework Token认证后台实现(一) D365 FO产生随机字符串 D365 FO Array增加排序 D365 FO无法命中断点 Ant Design Pro V5 开发时使用后台服务数据 同步数据库报错 DataEntity增加关联DataSource Java通过代理上传文件到Azure blob 使用iText7操作PDF D365 FO Json序列化和反序列化 D365 FO操作Azure Blob
JavaScript跨域访问
佛西亚 · 2020-11-18 · via 博客园 - 佛西亚

通过fetch访问后台C# Restful服务的时候,如果需要跨域,后台服务要设置支持CORS,否则会报错。

如果站点通过web服务器发布,会报如下错误:
Access to fetch at 'http://192.168.100.2:8080/Services/someAddress' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
如果是通过本地文件系统直接访问,没有把文件放到web服务器上,错误如下
Access to fetch at 'http://192.168.100.2:8080/Services/someAddress' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
可以通过两种方式设置C# Restful WCF Services支持CORS.

1.修改web.config文件

在congfiguration中增加下面的节点,在Configuration里增加Access-Control-Allow-Origin等设置。

<?xml version="1.0"?>
<configuration>  
  <system.serviceModel>         
    <behaviors>
      <endpointBehaviors>
        <behavior name="web">
          <webHttp/>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <services>
      <service name="AXServices.MobileTransfer">
        <endpoint address="" binding="webHttpBinding" contract="AXServices.MobileTransfer" behaviorConfiguration="web"/>
      </service>
    </services>
  </system.serviceModel>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*"/>
        <add name="Access-Control-Allow-Headers" value="Content-Type, Accept" />
        <add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS" />
        <add name="Access-Control-Max-Age" value="1728000" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>

不过这种设置对于直接通过文件系统访问的时候不起作用,尝试将Access-Control-Allow-Origin的节点设置成null也没作用,不知道哪里还需要设置,暂时没找到设置的方法,或者这个方法不支持从本地文件发起的访问。
通过web服务器的URL访问可以正常使用。
2.增加Global.asax和Global.asax.cs文件

在Global.asax.cs增加如下代码

protected void Application_BeginRequest(object sender, EventArgs e)
        {
            HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
            if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
            {
                HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "POST, PUT, DELETE");

                HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
                HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");
                HttpContext.Current.Response.End();
            }
        }

这种方法无论 通过web服务器还是文件访问都可以,将两个文件放到Services目录。