蔚蓝网站上的iisnode和cors

Question

我有一个nodejs / expressjs Web API项目设置，当我使用curl对其进行测试时，它可以很好地运行。

这是本地呼叫的输出：

dc-designer-client git:(master) curl -H "Origin: http://example.com" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With" -X OPTIONS --verbose http://0.0.0.0:3000/api/grid
* Hostname was NOT found in DNS cache
*   Trying 0.0.0.0...
* Connected to 0.0.0.0 (127.0.0.1) port 3000 (#0)
> OPTIONS /api/grid HTTP/1.1
> User-Agent: curl/7.37.1
> Host: 0.0.0.0:3000
> Accept: */*
> Origin: http://example.com
> Access-Control-Request-Method: GET
> Access-Control-Request-Headers: X-Requested-With
>
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
< Access-Control-Allow-Headers: Content-Type, Authorization, Content-Length, X-Requested-With, *
< Content-Type: text/plain; charset=utf-8
< Content-Length: 2
< ETag: W/"2-4KoCHiHd29bYzs7HHpz1ZA"
< Date: Mon, 06 Jul 2015 01:24:01 GMT
< Connection: keep-alive
<
* Connection #0 to host 0.0.0.0 left intact

但是，当我部署到Azure并尝试执行相同的curl语句时，它为我提供了以下内容：

dc-designer-server git:(master) curl -H "Origin: http://example.com" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With" -X OPTIONS --verbose http://dc-server.azurewebsites.net/api/grid
* Hostname was NOT found in DNS cache
*   Trying 23.96.124.25...
* Connected to dc-server.azurewebsites.net (127.0.0.1) port 80 (#0)
> OPTIONS /api/grid HTTP/1.1
> User-Agent: curl/7.37.1
> Host: dc-server.azurewebsites.net
> Accept: */*
> Origin: http://example.com
> Access-Control-Request-Method: GET
> Access-Control-Request-Headers: X-Requested-With
>
* Empty reply from server
* Connection #0 to host dc-server.azurewebsites.net left intact
curl: (52) Empty reply from server

我确信这与iisnode和Azure上的iis有关。 我不知道如何配置Azure WebSite，以允许将OPTIONS预检检查传递到nodejs。

我的server.js代码正在使用cors npm软件包。 当我配置nodejs和express时，此代码在本地工作，但是Azure上的IIS似乎阻止或导致我的代码出现问题。

是否有人使用iisnode配置Azure WebSite允许进行CORS调用？

Answer 1

我在Azure网站上使用nodejs。 我已经安装了cors软件包并启用了来自所有域的请求。 Azure仍在阻止CORS请求。

我更改了web.config（每个站点都有一个，如果一个站点不是部署的一部分，则创建一个站点）。 根据此stackoverflow帖子： 由于CORS，Azure网站上的HTTP OPTIONS请求失败

我在下面完整的web.config-我网站的特定设置，因此无法复制和粘贴。

<?xml version="1.0" encoding="utf-8"?>
<!--
     This configuration file is required if iisnode is used to run node processes behind
     IIS or IIS Express.  For more information, visit:

     https://github.com/tjanczuk/iisnode/blob/master/src/samples/configuration/web.config
-->

<configuration>
  <system.webServer>
    <!-- Visit http://blogs.msdn.com/b/windowsazure/archive/2013/11/14/introduction-to-websockets-on-windows-azure-web-sites.aspx for more information on WebSocket support -->
    <webSocket enabled="false" />
    <handlers>
      <!-- Indicates that the server.js file is a node.js site to be handled by the iisnode module -->
      <add name="iisnode" path="transpiled/www.js" verb="*" modules="iisnode"/>
    </handlers>
    <rewrite>
      <rules>
        <!-- Do not interfere with requests for node-inspector debugging -->
        <rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
          <match url="^transpiled/www.js\/debug[\/]?" />
        </rule>

        <!-- First we consider whether the incoming URL matches a physical file in the /public folder -->
        <rule name="StaticContent">
          <action type="Rewrite" url="public{REQUEST_URI}"/>
        </rule>

        <!-- All other URLs are mapped to the node.js site entry point -->
        <rule name="DynamicContent">
          <conditions>
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="True"/>
          </conditions>
          <action type="Rewrite" url="transpiled/www.js"/>
        </rule>
      </rules>
    </rewrite>

    <!-- 'bin' directory has no special meaning in node.js and apps can be placed in it -->
    <security>
      <requestFiltering>
        <hiddenSegments>
          <remove segment="bin"/>
        </hiddenSegments>
      </requestFiltering>
    </security>

    <!-- Make sure error responses are left untouched -->
    <httpErrors existingResponse="PassThrough" />

    <!--
      You can control how Node is hosted within IIS using the following options:
        * watchedFiles: semi-colon separated list of files that will be watched for changes to restart the server
        * node_env: will be propagated to node as NODE_ENV environment variable
        * debuggingEnabled - controls whether the built-in debugger is enabled

      See https://github.com/tjanczuk/iisnode/blob/master/src/samples/configuration/web.config for a full list of options
    -->
    <!--<iisnode watchedFiles="web.config;*.js"/>-->

    <httpProtocol>
        <customHeaders>
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Methods" value="GET,POST,DELETE,HEAD,PUT,OPTIONS" />
            <add name="Access-Control-Allow-Headers" value="Origin, X-Olaround-Debug-Mode, Authorization, Accept" />
            <add name="Access-Control-Expose-Headers" value="X-Olaround-Debug-Mode, X-Olaround-Request-Start-Timestamp, X-Olaround-Request-End-Timestamp, X-Olaround-Request-Time, X-Olaround-Request-Method, X-Olaround-Request-Result, X-Olaround-Request-Endpoint" />
        </customHeaders>
    </httpProtocol>

  </system.webServer>
</configuration>

复制此部分，并将其插入到关闭的system.webServer标记上方。

<httpProtocol>
    <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Methods" value="GET,POST,DELETE,HEAD,PUT,OPTIONS" />
        <add name="Access-Control-Allow-Headers" value="Origin, X-Olaround-Debug-Mode, Authorization, Accept" />
        <add name="Access-Control-Expose-Headers" value="X-Olaround-Debug-Mode, X-Olaround-Request-Start-Timestamp, X-Olaround-Request-End-Timestamp, X-Olaround-Request-Time, X-Olaround-Request-Method, X-Olaround-Request-Result, X-Olaround-Request-Endpoint" />
    </customHeaders>
</httpProtocol>

要获取web.config，您必须先部署然后通过FTP进入实例。 您可以通过从网站的信息中心点击“下载发布个人资料”链接来完成此操作。

打开文件，它是xml。

<?xml version="1.0"?>
<publishData>
    <publishProfile profileName="secret - Web Deploy" publishMethod="MSDeploy" publishUrl="secret.scm.azurewebsites.net:443" msdeploySite="secret" userName="$secret" userPWD="v0ifRuLpeXf42kurCFHqXSA5uQnAdmx2c7lCHrrQPiyB6TxlXoG0dfJGFndH" destinationAppUrl="http://secret.azurewebsites.net" SQLServerDBConnectionString="" mySQLDBConnectionString="" hostingProviderForumLink="" controlPanelLink="" webSystem="WebSites">
    <databases/>
</publishProfile>
<publishProfile profileName="secret - FTP" publishMethod="FTP" publishUrl="ftp://secret.ftp.azurewebsites.windows.net/site/wwwroot" ftpPassiveMode="True" userName="secret\$secret" userPWD="secret2c7lCHrrQPiyB6TxlXosecret" destinationAppUrl="http://secret.azurewebsites.net" SQLServerDBConnectionString="" mySQLDBConnectionString="" hostingProviderForumLink="" controlPanelLink="" webSystem="WebSites">
<databases/>
</publishProfile>
</publishData>

在FTP的publishProfile元素中，找到URL，用户名和密码。 完整使用所有值，否则将无法使用。

有了web.config后，进行更改并将其上传回站点。 看看是否可行。 它对我有用。

为了使其正常运行，您需要将web.config添加到项目（或站点）的根目录。 否则，Azure将在每次部署时将其淘汰。

Answer 2

事实证明，您无需修改​​Azure IISNode的默认web.config即可处理CORS请求。

在我的server.js NodeJS代码中，我使用的是标准CORS npm软件包。 为了使CORS请求能够在浏览器中工作，我要做的就是将我的请求协议从“ HTTP”更改为“ HTTPS”。

进行此更改后，我就可以使用任何浏览器，也可以使用curl测试我的WebAPI。

Answer 3

这里有一个示例，它同时设置了前端站点和后端站点，并使用CORS进行了设置。 具体来说， 此文件具有逻辑。

话虽如此，这是一个.NET示例。 因此，它表明它通常可以在Azure Web Apps上运行，但是我不确定是否有与IISNode相关的特殊注意事项。