一、asp.net web form 跨域處理
public static void CorsRequest(HttpContext context)
{
System.Collections.Generic.List<string> lHost = new System.Collections.Generic.List<string>();
#region 添加允許跨域請求的域名列表
lHost.Add("http://register.huacenav.com:6002");
lHost.Add("www.xxx.com");
lHost.Add("www.abc.com");
lHost.Add("abc.com");
#endregion
string host = context.Request.UrlReferrer == null ? "" : context.Request.UrlReferrer.Host + ":" + context.Request.UrlReferrer.Port;//獲取從哪個域名發送的ajax請求本頁面 或者是直接訪問
if (lHost.Contains(host))
{ //在允許的域名列表裏面才添加Access-Control-Allow-Origin響應頭
context.Response.AddHeader("Access-Control-Allow-Origin", "http://" + host);
}
context.Response.AddHeader("Access-Control-Allow-Origin", "http://" + host);
}
二、WebAPI跨域處理
public class CorsHandler : DelegatingHandler
{
const string Origin = "Origin"; const string AccessControlRequestMethod = "Access-Control-Request-Method";
const string AccessControlRequestHeaders = "Access-Control-Request-Headers";
const string AccessControlAllowOrigin = "Access-Control-Allow-Origin";
const string AccessControlAllowMethods = "Access-Control-Allow-Methods";
const string AccessControlAllowHeaders = "Access-Control-Allow-Headers";
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
bool isCorsRequest = request.Headers.Contains(Origin);
bool isPreflightRequest = request.Method == HttpMethod.Options;
if (isCorsRequest)
{
if (isPreflightRequest)
{
return Task.Factory.StartNew<HttpResponseMessage>(() =>
{
HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK);
response.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First());
string accessControlRequestMethod = request.Headers.GetValues(AccessControlRequestMethod).FirstOrDefault();
if (accessControlRequestMethod != null)
{
response.Headers.Add(AccessControlAllowMethods, accessControlRequestMethod);
}
string requestedHeaders = string.Join(", ", request.Headers.GetValues(AccessControlRequestHeaders));
if (!string.IsNullOrEmpty(requestedHeaders))
{
response.Headers.Add(AccessControlAllowHeaders, requestedHeaders);
}
return response;
}
, cancellationToken);
}
else { return base.SendAsync(request, cancellationToken).ContinueWith<HttpResponseMessage>(t => { HttpResponseMessage resp = t.Result; resp.Headers.Add(AccessControlAllowOrigin,
request.Headers.GetValues(Origin).First()); return resp; }); }
}
else { return base.SendAsync(request, cancellationToken); }
}
}
在global.asax中註冊: GlobalConfiguration.Configuration.MessageHandlers.Add(new CorsHandler());//跨域處理