CORS settings for IIS 7.5

How can I convert the following code for use in the web.config in IIS 7.5, and where in the web.config file should I place each piece of code?

# Always set these headers.
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
 
# Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]

If you are asking this to solve a CORS problem, you can follow the solution below.

NOTE: Before adding all this you should consider security issues.

  1. Add this to your web.config file:

     <system.webServer>
       <httpProtocol>
         <customHeaders>
           <add name="Access-Control-Allow-Origin" value="*" />
           <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, HEAD, OPTIONS" />
           <add name="Access-Control-Allow-Credentials" value="true"/>
           <add name="Access-Control-Allow-Headers" value="X-Requested-With, origin, content-type, accept" />
         </customHeaders>
       </httpProtocol>
     </system.webServer>

  2. If you have a Content-Type parameter in your AJAX call or you are doing a PUT request, those are considered preflight requests. Preflight requests do an OPTIONS request before sending the main request (PUT, DELETE etc.). You can add the method below to your global.asax file to pass the OPTIONS process successfully:

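     // Requires "using System.Linq;" for Contains() on the AllKeys array.
     protected void Application_BeginRequest()
     {
         // Answer CORS preflight (OPTIONS with an Origin header) right away.
         if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS")
         {
             Response.Flush();
         }
     }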

To have more information about Preflight requests you can check here

For solution number 2 you can have detailed information from here

Some updates need to be considered, as Chrome now adds strict-origin-when-cross-origin as the default referrer-policy, so if you don't set a referrer policy in the web.config, you might still run into the CORS issue. This is the setting that worked for me when testing a localhost test program against a remote server (the settings are not recommended for production):

<system.webServer>
   <httpProtocol>
     <customHeaders>
         <add name="Referrer-Policy" value="no-referrer" />
         <add name="Access-Control-Allow-Origin" value="*" />
         <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, HEAD, OPTIONS" />
         <add name="Access-Control-Allow-Credentials" value="true"/>
         <add name="Access-Control-Allow-Headers" value="X-Requested-With, origin, content-type, accept" />
     </customHeaders>
   </httpProtocol>
</system.webServer>
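
Added example, not part of either answer above: both configurations send `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`, a combination browsers refuse for credentialed requests. The sketch below handles preflight in Global.asax and echoes the origin only when it is on an allowlist. It assumes the static `Access-Control-*` entries are removed from `customHeaders` so headers are not duplicated, and the two origins listed are placeholders.

```csharp
// Global.asax.cs -- added example; the origins listed are placeholders.
using System;
using System.Collections.Generic;
using System.Web;

public class Global : HttpApplication
{
    // Assumption: only these origins may call the site cross-origin.
    private static readonly HashSet<string> AllowedOrigins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "https://app.example.com",
            "http://localhost:3000"
        };

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        string origin = Request.Headers["Origin"];
        if (string.IsNullOrEmpty(origin))
            return; // no Origin header: not a cross-origin browser request

        // Caches must not reuse a response across different origins.
        Response.AppendHeader("Vary", "Origin");

        if (!AllowedOrigins.Contains(origin))
            return; // no CORS headers: the browser blocks the cross-origin read

        // Echo the exact allowed origin; "*" cannot be combined with credentials.
        Response.AppendHeader("Access-Control-Allow-Origin", origin);
        Response.AppendHeader("Access-Control-Allow-Credentials", "true");

        if (Request.HttpMethod == "OPTIONS")
        {
            // Preflight: state what is permitted and stop before any handler runs.
            Response.AppendHeader("Access-Control-Allow-Methods",
                "GET, PUT, POST, DELETE, HEAD, OPTIONS");
            Response.AppendHeader("Access-Control-Allow-Headers",
                "X-Requested-With, origin, content-type, accept");
            Response.AppendHeader("Access-Control-Max-Age", "1000");
            Response.StatusCode = 204;
            CompleteRequest();
        }
    }
}
```

A request from an origin outside the allowlist still reaches the server; CORS only controls whether the browser lets the calling page read the response, so authentication and authorization checks remain necessary.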
