当我的API位于主网站的子域中时,是否需要启用CORS?
[英]Do I need to enable CORS when my API is on a subdomain of my main website?
问题描述
I have a RESTful api sitting at a subdomain of my website, so it is setup like below: 
我有一个RESTful api坐在我的网站的子域,所以它设置如下:
api.blah.com - RESTful api
blah.com - Website
When I try to do HTTP requests though, I get the following error: 当我尝试执行HTTP请求时,我收到以下错误:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '(index)' is therefore not allowed access.
I thought that because it was on the same domain, this should work, do I need to enable CORS or is there something else I need to do? 我认为,因为它在同一个域上,这应该工作,我需要启用CORS还是还有其他我需要做的事情?
The API is built on ASP.Net Web API, and website is AngularJS based. API建立在ASP.Net Web API上,网站基于AngularJS。
Thanks 谢谢
1 个解决方案
解决方案1
8 已采纳 2014-11-03 22:11:15
Yes you have to enable it. 是的,你必须启用它。 You have to send CORS allow headers from server side to your browser. 您必须从服务器端向浏览器发送CORS允许标头 。 This is because a subdomain counts as a different origin . 这是因为子域计为不同的原点 。 You probably have to allow HTTP methods like PUT, DELETE, OPTIONS as well. 您可能必须允许HTTP方法,如PUT,DELETE,OPTIONS。 At least I guess angular sends that kind of requests too. 至少我猜角度也发送了那种请求。 You have to handle preflight requests (OPTIONS) by these new methods. 您必须通过这些新方法处理预检请求(OPTIONS)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.