如何设置Origin Request Header
[英]How to set the Origin Request Header
问题描述
I want to send an AJAX request to a remote API. 
我想向远程API发送AJAX请求。
function Gettest(CourseID) {
var param = { "CourseID": CourseID};
param = JSON.stringify(param);
$.ajax({
type: "Post",
url: apiurl + "Course/DelCoursetargetedaudience",
contentType: "application/json; charset=utf-8",
data: param,
dataType: "json",
success: function (data) {
},
error: function (response) {
}
});
};
But I need to change the origin name, before sending the request. 但是我需要在发送请求之前更改源名称。
Please refer to the image below. 请参考下图。
2 个解决方案
解决方案1
10 已采纳 2017-10-18 10:41:33
In short: you cannot. 简而言之:你做不到。
As described on MDN ; 如MDN所述 ; Origin is a 'forbidden' header, meaning that you cannot change it programatically. Origin是一个'禁止'标题,意味着你无法以编程方式更改它。
You would need to configure the web server to allow CORS requests. 您需要配置Web服务器以允许CORS请求。
To enable CORS, add this to your Web.config 要启用CORS,请将其添加到Web.config中
<system.webServer>
<!-- Other stuff is usually located here as well... -->
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
<system.webServer>
Alternatively, in Global.asax.cs 或者,在Global.asax.cs中
public class WebApiApplication : System.Web.HttpApplication
{
protected void Application_Start()
{
/* Some register config stuff is already located here */
}
// Add this method:
protected void Application_BeginRequest()
{
HttpContext.Current.Response.AddHeader
(name: "Access-Control-Allow-Origin", value: "*");
}
}
解决方案2
3 2017-10-18 11:08:42
Just as Baksteen stated, you cannot change this header value in JavaScript. 正如Baksteen所说,您无法在JavaScript中更改此标头值。 You would have to edit your server configuration to allow cross origin requests. 您必须编辑服务器配置以允许跨源请求。
But: After reading your comments, I think you need a solution for debugging and testing only. 但是:在阅读完您的意见后,我认为您只需要一个调试和测试解决方案。
In that case, you can use Chrome and start it with special unsafe parameters. 在这种情况下,您可以使用Chrome并使用特殊的不安全参数启动它。 If you provide this parameters to Chrome, it will allow you cross domain requests. 如果您向Chrome提供此参数,则会允许您跨域请求。
Do not use this chrome instance for other things than testing your page! 除了测试您的页面之外,不要将此chrome实例用于其他内容!
chrome --disable-web-security --user-data-dir
I tried several Add-ons for Firefox and Chrome, but they did not work with recent versions of the browsers. 我为Firefox和Chrome尝试了几个附加组件,但它们不适用于最新版本的浏览器。 So I recommend to switch to chrome and use the parameters above to test your API calls. 所以我建议切换到chrome并使用上面的参数来测试你的API调用。
If you are interested in a more powerful solution, you may want to use a Debugging Proxy, like Fiddler from Telerik . 如果您对更强大的解决方案感兴趣,可能需要使用调试代理,例如来自Telerik的Fiddler 。 You may write a custom rule, so Fiddler changes your headers before the request leaves your PC. 您可以编写自定义规则,因此Fiddler会在请求离开您的PC之前更改您的标头。 But you have to dig into the tool, before you can use all its powers. 但是在你可以使用它的所有功能之前,你必须深入研究这个工具。 This may be interesting, because it may help you out on more than just this debugging issue. 这可能很有趣,因为它可能会帮助您解决这个调试问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.