This article is a mirror article of machine translation, please click here to jump to the original article.

Architect_Programmer_Code Agriculture Network»Architect Programming .Net/C # asp.net MVC allows a single controller method to cross domains
View: 44999|Reply: 4

[ASP.NET] asp.net MVC allows a single controller method to cross domains

[Copy link]
Posted on 7/31/2018 10:13:37 AM | | | |
What is Cors?

CORS is a W3C standard, which stands for "Cross-origin resource sharing".
It allows the browser to make XMLHttpRequest requests to cross-origin servers, thus overcoming the limitation that AJAX can only be used homogeneously.

1. Introduction

CORS requires both browser and server support. Currently, all browsers support this feature, and IE browser cannot be lower than IE10.

The entire CORS communication process is completed automatically by the browser and does not require user participation. For developers, CORS communication is no different from homologous AJAX communication, and the code is exactly the same. Once the browser finds that an AJAX request crosses the source, it will automatically add some additional header information, and sometimes one more additional request, but the user will not feel it.

Therefore, the key to achieving CORS communication is the server. As long as the server implements the CORS interface, it can communicate across sources.

In fact, web server programs (such as ASP.NET or PHP, etc.) cannot distinguish and will not manage whether an incoming Http request is a cross-domain Ajax request.CORS is designed to solve this problem, and the W3C custom CORS standard gives browsers a mechanism to allow Ajax cross-domain requests.

2: Native JS Ajax request code

Since I don't want to reference jQuery, I encapsulated the following methods with js, as follows:

Ajax requests interface tests and finds an error as follows:




Three: Set a controller method to allow cross-domain

So soAll are allowedThe controller or API method is cross-domain, in the web.config filesystem.webServerThe following configuration is added under the node:

The above is not the result we wanted! If we want to allow only a domain name to access one of our interfaces across domains, we need to define a feature that looks like this:

The code for setting cross-domain access permissions is this paragraph HttpContext.Response.AppendHeader("Access-Control-Allow-Origin", origin);

We set the characteristics on top of the controller method as follows:

We initiate the Ajax request again with the result as shown below:



API interface resources from our other websites can be successfully accessed.

(End)





Previous:Hi all{:1_7:}
Next:CSS text is hidden beyond the two methods

Related Posts
 Landlord| Posted on 6/17/2019 2:23:05 PM |
HTTP request methods are not only GET and POST, but are just the most commonly used. According to RFC2616 standard (current HTTP/1.1), there are usually 8 methods: OPTIONS,, POST, PUT, DELETE, TRACE, and CONNECT.

The OPTIONS request method has two main uses:

1. Get the HTTP request method supported by the server; It is also a method often used by hackers.

2. Used to check the performance of the server. For example, when AJAX makes a cross-domain request, it needs to send an HTTP OPTIONS header to the resource of another domain name to determine whether the actual request is secure.
 Landlord| Posted on 11/4/2019 5:29:52 PM |
jquery.min.js:2 Cross-Origin Read Blocking (CORB) blocked cross-origin response http://192.168.252.193:2019/home/testwith MIME type application/json. Seehttps://www.chromestatus.com/feature/5629709824032768for more details.
 Landlord| Posted on 1/19/2020 3:33:23 PM |

Posted on 11/12/2021 3:59:52 PM |
Well written, learned
Disclaimer:
All software, programming materials or articles published by Code Farmer Network are only for learning and research purposes; The above content shall not be used for commercial or illegal purposes, otherwise, users shall bear all consequences. The information on this site comes from the Internet, and copyright disputes have nothing to do with this site. You must completely delete the above content from your computer within 24 hours of downloading. If you like the program, please support genuine software, purchase registration, and get better genuine services. If there is any infringement, please contact us by email.
Mail To:help@itsvse.com