蔚蓝网站上的iisnode和cors
[英]iisnode and cors on azure websites
问题描述
I have an nodejs/expressjs Web API project setup that works perfectly fine when I test it using curl. 
我有一个nodejs / expressjs Web API项目设置,当我使用curl对其进行测试时,它可以很好地运行。
Here is the output for the local call: 这是本地呼叫的输出:
dc-designer-client git:(master) curl -H "Origin: http://example.com" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With" -X OPTIONS --verbose http://0.0.0.0:3000/api/grid
* Hostname was NOT found in DNS cache
* Trying 0.0.0.0...
* Connected to 0.0.0.0 (127.0.0.1) port 3000 (#0)
> OPTIONS /api/grid HTTP/1.1
> User-Agent: curl/7.37.1
> Host: 0.0.0.0:3000
> Accept: */*
> Origin: http://example.com
> Access-Control-Request-Method: GET
> Access-Control-Request-Headers: X-Requested-With
>
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
< Access-Control-Allow-Headers: Content-Type, Authorization, Content-Length, X-Requested-With, *
< Content-Type: text/plain; charset=utf-8
< Content-Length: 2
< ETag: W/"2-4KoCHiHd29bYzs7HHpz1ZA"
< Date: Mon, 06 Jul 2015 01:24:01 GMT
< Connection: keep-alive
<
* Connection #0 to host 0.0.0.0 left intact
However when I deploy to azure and try executing the same curl statement, it gives me the following: 但是,当我部署到Azure并尝试执行相同的curl语句时,它为我提供了以下内容:
dc-designer-server git:(master) curl -H "Origin: http://example.com" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With" -X OPTIONS --verbose http://dc-server.azurewebsites.net/api/grid
* Hostname was NOT found in DNS cache
* Trying 23.96.124.25...
* Connected to dc-server.azurewebsites.net (127.0.0.1) port 80 (#0)
> OPTIONS /api/grid HTTP/1.1
> User-Agent: curl/7.37.1
> Host: dc-server.azurewebsites.net
> Accept: */*
> Origin: http://example.com
> Access-Control-Request-Method: GET
> Access-Control-Request-Headers: X-Requested-With
>
* Empty reply from server
* Connection #0 to host dc-server.azurewebsites.net left intact
curl: (52) Empty reply from server
I am sure this has to do with iisnode and iis on azure. 我确信这与iisnode和Azure上的iis有关。 What I don't know is how to configure the Azure WebSite to allow the OPTIONS preflight check to pass through to nodejs. 我不知道如何配置Azure WebSite,以允许将OPTIONS预检检查传递到nodejs。
My server.js code is using the cors npm package. 我的server.js代码正在使用cors npm软件包。 This code works locally when I configure nodejs and express but it seems that IIS on Azure is blocking or causing issues with my code. 当我配置nodejs和express时,此代码在本地工作,但是Azure上的IIS似乎阻止或导致我的代码出现问题。
Has anyone configured Azure WebSites using iisnode to allow for CORS calls? 是否有人使用iisnode配置Azure WebSite允许进行CORS调用?
3 个解决方案
解决方案1
1 2015-07-09 04:49:55
I am using nodejs on Azure Websites. 我在Azure网站上使用nodejs。 I've installed the cors package and enabled requests from all domains. 我已经安装了cors软件包并启用了来自所有域的请求。 Azure was still being blocking the CORS request. Azure仍在阻止CORS请求。
I changed the web.config (each site has one, if one is not part of the deployment, then one is created). 我更改了web.config(每个站点都有一个,如果一个站点不是部署的一部分,则创建一个站点)。 Per this stackoverflow post: HTTP OPTIONS request on Azure Websites fails due to CORS 根据此stackoverflow帖子: 由于CORS,Azure网站上的HTTP OPTIONS请求失败
My complete web.config below - There are setting specific to my site, so copying and pasting it won't work. 我在下面完整的web.config-我网站的特定设置,因此无法复制和粘贴。
<?xml version="1.0" encoding="utf-8"?>
<!--
This configuration file is required if iisnode is used to run node processes behind
IIS or IIS Express. For more information, visit:
https://github.com/tjanczuk/iisnode/blob/master/src/samples/configuration/web.config
-->
<configuration>
<system.webServer>
<!-- Visit http://blogs.msdn.com/b/windowsazure/archive/2013/11/14/introduction-to-websockets-on-windows-azure-web-sites.aspx for more information on WebSocket support -->
<webSocket enabled="false" />
<handlers>
<!-- Indicates that the server.js file is a node.js site to be handled by the iisnode module -->
<add name="iisnode" path="transpiled/www.js" verb="*" modules="iisnode"/>
</handlers>
<rewrite>
<rules>
<!-- Do not interfere with requests for node-inspector debugging -->
<rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^transpiled/www.js\/debug[\/]?" />
</rule>
<!-- First we consider whether the incoming URL matches a physical file in the /public folder -->
<rule name="StaticContent">
<action type="Rewrite" url="public{REQUEST_URI}"/>
</rule>
<!-- All other URLs are mapped to the node.js site entry point -->
<rule name="DynamicContent">
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="True"/>
</conditions>
<action type="Rewrite" url="transpiled/www.js"/>
</rule>
</rules>
</rewrite>
<!-- 'bin' directory has no special meaning in node.js and apps can be placed in it -->
<security>
<requestFiltering>
<hiddenSegments>
<remove segment="bin"/>
</hiddenSegments>
</requestFiltering>
</security>
<!-- Make sure error responses are left untouched -->
<httpErrors existingResponse="PassThrough" />
<!--
You can control how Node is hosted within IIS using the following options:
* watchedFiles: semi-colon separated list of files that will be watched for changes to restart the server
* node_env: will be propagated to node as NODE_ENV environment variable
* debuggingEnabled - controls whether the built-in debugger is enabled
See https://github.com/tjanczuk/iisnode/blob/master/src/samples/configuration/web.config for a full list of options
-->
<!--<iisnode watchedFiles="web.config;*.js"/>-->
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET,POST,DELETE,HEAD,PUT,OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Origin, X-Olaround-Debug-Mode, Authorization, Accept" />
<add name="Access-Control-Expose-Headers" value="X-Olaround-Debug-Mode, X-Olaround-Request-Start-Timestamp, X-Olaround-Request-End-Timestamp, X-Olaround-Request-Time, X-Olaround-Request-Method, X-Olaround-Request-Result, X-Olaround-Request-Endpoint" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
Copy this section and insert it just above the closing system.webServer tag. 复制此部分,并将其插入到关闭的system.webServer标记上方。
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET,POST,DELETE,HEAD,PUT,OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Origin, X-Olaround-Debug-Mode, Authorization, Accept" />
<add name="Access-Control-Expose-Headers" value="X-Olaround-Debug-Mode, X-Olaround-Request-Start-Timestamp, X-Olaround-Request-End-Timestamp, X-Olaround-Request-Time, X-Olaround-Request-Method, X-Olaround-Request-Result, X-Olaround-Request-Endpoint" />
</customHeaders>
</httpProtocol>
To get the web.config, you'll have to deploy and then FTP into the instance. 要获取web.config,您必须先部署然后通过FTP进入实例。 You can do this by clicking the "Download the publish profile" link from the site's dashboard. 您可以通过从网站的信息中心点击“下载发布个人资料”链接来完成此操作。
Open the file up, it's xml. 打开文件,它是xml。
<?xml version="1.0"?>
<publishData>
<publishProfile profileName="secret - Web Deploy" publishMethod="MSDeploy" publishUrl="secret.scm.azurewebsites.net:443" msdeploySite="secret" userName="$secret" userPWD="v0ifRuLpeXf42kurCFHqXSA5uQnAdmx2c7lCHrrQPiyB6TxlXoG0dfJGFndH" destinationAppUrl="http://secret.azurewebsites.net" SQLServerDBConnectionString="" mySQLDBConnectionString="" hostingProviderForumLink="" controlPanelLink="" webSystem="WebSites">
<databases/>
</publishProfile>
<publishProfile profileName="secret - FTP" publishMethod="FTP" publishUrl="ftp://secret.ftp.azurewebsites.windows.net/site/wwwroot" ftpPassiveMode="True" userName="secret\$secret" userPWD="secret2c7lCHrrQPiyB6TxlXosecret" destinationAppUrl="http://secret.azurewebsites.net" SQLServerDBConnectionString="" mySQLDBConnectionString="" hostingProviderForumLink="" controlPanelLink="" webSystem="WebSites">
<databases/>
</publishProfile>
</publishData>
In the publishProfile element for FTP, your find the url, username and password. 在FTP的publishProfile元素中,找到URL,用户名和密码。 Use the values in their entirety, otherwise it won't work. 完整使用所有值,否则将无法使用。
Once you have the web.config, make changes and upload it back to the site. 有了web.config后,进行更改并将其上传回站点。 See if that works. 看看是否可行。 It did for me. 它对我有用。
For it to keep working, you'll need to add the web.config to the root of the project (or site). 为了使其正常运行,您需要将web.config添加到项目(或站点)的根目录。 Otherwise Azure will blow it away on each deployment. 否则,Azure将在每次部署时将其淘汰。
解决方案2
0 已采纳 2015-07-12 15:33:58
It turns out that you don't need to modify the default web.config for Azure IISNode to handle CORS requests. 事实证明,您无需修改Azure IISNode的默认web.config即可处理CORS请求。
In my server.js NodeJS code, I am using the standard CORS npm package. 在我的server.js NodeJS代码中,我使用的是标准CORS npm软件包。 What I had to change to get my CORS requests to work across browsers was to change the protocol for my requests from "HTTP" to "HTTPS". 为了使CORS请求能够在浏览器中工作,我要做的就是将我的请求协议从“ HTTP”更改为“ HTTPS”。
Once this change was made, I was able to use any browser as well as test my WebAPI using curl. 进行此更改后,我就可以使用任何浏览器,也可以使用curl测试我的WebAPI。
解决方案3
-1 2015-07-06 18:12:19
There is a sample here that sets up both a front end and back end site, and is set up with CORS. 这里有一个示例,它同时设置了前端站点和后端站点,并使用CORS进行了设置。 Specifically, this file has the logic. 具体来说, 此文件具有逻辑。
That being said, this is a .NET sample. 话虽如此,这是一个.NET示例。 So it shows that it can work on Azure Web Apps in general, but I'm not sure whether there are special considerations related to IISNode. 因此,它表明它通常可以在Azure Web Apps上运行,但是我不确定是否有与IISNode相关的特殊注意事项。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.