WEBAPI cross-domain processing

WEBAPI2 Cross-domain issues

One, the cause of cross-domain problem: homologous strategy (same origin policy) is a convention, it is the most core of the browser and the most basic security functions.

This policy is now used by all JavaScript-enabled browsers. The so-called homology refers to the same domain name, protocol, and port. When a browser's two tab pages are opened to Baidu and Google's page when the browser's Baidu tab page executes a script will check the script belongs to which page, that is, check whether the same origin, only and Baidu homologous script will be executed. Because of the limitations of the same-origin policy, JavaScript creates cross-domain problems. Reference: Homologous strategy Two, the solution in WebApi2. Reference:

C # Advanced Series--webapi cross-domain problem solution: CORS

Environment: Vs2013,entity Framework 6.0 Backend Project: WEBAPI 2 Front-end project: type used when submitting Ajax: Application/json1, search for cors in NuGet, install

2. Configure cross-domain settings in file WebApiConfig.cs

3. Because the front-end submits Ajax requests, the type used is Application/json. A pre-request is sent before the POST request is sent, which is the option request.

The front end will continue to send the POST request in order for the backend to correctly respond to the option request, in the config configuration under configure.

These two handlers affect the correct handling of the option request.

<remove name= "extensionlessurlhandler-integrated-4.0"/>
<remove name= "Optionsverbhandler"/>
<remove name= "Traceverbhandler"/>
<add name= "extensionlessurlhandler-integrated-4.0" path= "*." verb= "*" type= " System.Web.Handlers.TransferRequestHandler "precondition=" integratedmode,runtimeversionv4.0 "/>

1, the default configuration:

var cors = new Enablecorsattribute ("*", "*", "*");

Config. Enablecors (cors);

This allows the cross-domain of simple requests to be implemented,

But a non-trivial request is a request that has special requirements for the server, such as a put or delete, or the type of the Content-type field is Application/json. A cors request that is not a simple request, adds an HTTP query request, called a preflight request (preflight), before the formal communication. Options request.

Conditions that trigger the options request:

1, non-GET, POST request

2. The content-type of the POST request is not a regular three: application/x-www-form-urlencoded (Form submitted using the Post method of HTTP), Multipart/form-data (Ibid., But mainly used when the form submits with the file upload, Text/plain (plain text)

3, the payload of the POST request is text/html

4. Set the custom header

However, the cross-domain of non-simple requests cannot be implemented.

You also need to add the <system.webServer> under Web. config

<remove name= "extensionlessurlhandler-integrated-4.0"/>

<remove name= "Optionsverbhandler"/>

<add name= "extensionlessurlhandler-integrated-4.0" path= "*." verb= "*" type= " System.Web.Handlers.TransferRequestHandler "precondition=" integratedmode,runtimeversionv4.0 "/>

Attention:

var cors = new Enablecorsattribute ("10.116.56.69:90", "*", "*");

It's not going to work, write http://10.116.56.69:90.

Note: If you write http://localhost:90, the browser will access the time to access the http://localhost:90, if access to http://10.116.56.69:90, but also can not cross-domain.

Originally from: http://www.cnblogs.com/heifengwll/p/6243374.html

I encountered the pit: managed mode settings for Classic mode at this time it is not valid to work in the integration mode of the adjustment (should be the reason for the difference in the Classic mode of Web. config)

WEBAPI cross-domain processing