Webapi Address: Wapapi.ebcbuy.comweb Address: wapweb.ebcbuy.com By default, these two domains belong to two different domains, and their interactions have cross-domain issues, but because they all belong to a two-level domain name, As a result, cross-domain behavior can be achieved with a simple setup, but given the fact that two domain names are quite different in the actual production environment, this particular situation is not considered and a more general approach to cross-domain issues is used. First on the WEBAPI there is an interface as shown below we need to call this interface under our web site via Ajax at this point we can see the following results by analyzing the above monitoring results, we can see that this AJAX request is successful, But because the response header does not tell the browser that the interface can cross-access, the browser rejects the return of the request result to the user. By making a breakpoint on the action, it can also be seen that the server has received the request and successfully executed even the browser itself has received the response result, because the cross-domain problem so refused to return to the user so according to the above error, we can easily solve the problem of cross-domain, that is, we need to add in the response headerAccess-control-allow-originthis response data. In IIS we can configure this response header directly in the configuration file so that allrequest can return the response header, or you can use the code to return the corresponding response header separately for the required interface, which is the configuration of the Web. config
By configuring the configuration above, specifyAccess-control-allow-originThe value of the response header returns "*", which means that any domain name can access this WEBAPI
At this time again access, you can see the access is successful, and output the return results in the actual application, we may need to manually set some request hair to the WEBAPI server, as shown below at this time again access WEBAPI can see the different situation from see, this request is not only terminated, And not in the way we expect the post to be requested, but by using the options. Students who understand the HTTP protocol may know that the options method is just a probe into the server and does not return the corresponding body. This is the browser for cross-domain send custom request header of a limit, if the request cross-domain and manually set the request header, then the browser will initiate two requests, one is the options of the preflight, ask the server to support the current more sensitive operation, if the server returned the expected response header data, Then the browser is initiating our request. Through the analysis above, the Web site to be able to send the request header in advance, the server must support the options of the preflight, so here must provide the server implementation. In Microsoft's WEBAPI framework, we can useMicrosoft.AspNet.WebApi.CorsThis component to provide support. After installing the installation with NuGet and then registering it on WEBAPI, we only need to support the options preflight when we need the cross-domain action usage feature, and cross-domain request Webapi, we may find the request is not very successful, However, under IE, the debugging tool gives us a good error alert. From the view, two are returned in the response header of the options preflightAccess-control-allow-originthe response header, the browser prompt does not allow such a result. Think carefully about the above operation can be found that the response header is our own in the Webconfig to assign the server automatically sent, this side of the operation with the previous configuration has created a conflict, delete just in Webconfigconfiguration node in the
After removing the above node, request the server again, you can find the normal return results in the above request, the browser initiated the options pre-check with the real POST request. Sometimes it is necessary to pass information such as cookies to webapi across domains, and we may see here that although a cookie has been successfully written to the browser, the browser does not actively send cookies to the server if it needs to receive cookie information, You need to set the Supportscredentials property to True reference: http://www.asp.net/web-api/overview/security/ Enabling-cross-origin-requests-in-web-api Https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Access_control_CORS
Browser cross-domain access Webapi
