[英]Web API - Protect GET from anchor tag using CORS
i have created a GET web api method that is going to be referred to from an anchor tag outside of my application (one of our vendors). 我创建了一个GET Web api方法,该方法将从我的应用程序(我们的供应商之一)外部的定位标记中引用。
i was thinking this would not work out of the box because of CORS but I guess this only happens when making calls via javascript / ajax ??? 我以为这会因为CORS而无法立即使用,但是我猜这只会在通过javascript / ajax拨打电话时发生?
what would be a good solution to ensure this method is only called by certain domains (including our site)? 确保该方法仅由某些域(包括我们的网站)调用的最佳解决方案是什么?
[EnableCors(origins: "http://example.com, http://example1.com", headers: "*", methods: "*")]
public class Controller1 : ApiController
{
...
}
Put this attribute above your controller class Replace http://example.com and http://example1.com with domains you want to allow 将此属性放在您的控制器类上方用您要允许的域替换http://example.com和http://example1.com
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.