How to Enable Cross-Origin Resource Sharing (CORS) on IIS7?-JS Tutorial-php.cn

How to Enable Cross-Origin Resource Sharing (CORS) on IIS7?

Mary-Kate Olsen

Release： 2024-10-26 04:39:02

Original

971 people have browsed it

How to Enable Cross-Origin Resource Sharing (CORS) on IIS7?

Enabling Cross-Origin Resource Sharing (CORS) on IIS7

Cross-Origin Resource Sharing (CORS) allows web applications running on different origins to make HTTP requests to each other. However, by default, XHR requests to other domains are not permitted.

Enabling CORS on the Target Domain

To enable CORS on the target domain, add the following custom headers to the web.config file:

<code class="xml"><?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" /
        <add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" /
        <add name="Access-Control-Allow-Headers" value="Content-Type" /
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration></code>

Copy after login

IIS7 Configuration

After enabling CORS on the target domain, you may still encounter a 405 Method Not Allowed response. This is likely due to IIS7 handling the HTTP OPTIONS response instead of your application.

To resolve this:

Navigate to the site's Handler Mappings in IIS7.
Locate the 'OPTIONSVerbHandler' mapping.
Change the 'ProtocolSupportModule' to 'IsapiHandler'.
Set the executable to '%windir%Microsoft.NETFrameworkv4.0.30319aspnet_isapi.dll'.

Alternatively, Respond to HTTP OPTIONS in Code

You can also respond to the HTTP OPTIONS verb in your BeginRequest method:

<code class="csharp">    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");

        if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
        {
            // Pre-flight OPTIONS call
            HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
            HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
            HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");
            HttpContext.Current.Response.End();
        }
    }</code>

Copy after login

The above is the detailed content of How to Enable Cross-Origin Resource Sharing (CORS) on IIS7?. For more information, please follow other related articles on the PHP Chinese website!