我已经创建了 Azure API 管理服务并连接了我的 API。我添加了CORS
对他们的政策。
我检查了计算有效政策结果就是这个政策
<policies>
<inbound>
<!-- base: Begin Product scope -->
<!-- base: Begin Global scope -->
<cors allow-credentials="true">
<allowed-origins>
<origin>https://developer.mydomain.com</origin>
</allowed-origins>
<allowed-methods preflight-result-max-age="300">
<method>*</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
<!-- base: End Global scope -->
<!-- base: End Product scope -->
<cors>
<allowed-origins>
<origin>*</origin>
</allowed-origins>
<allowed-methods>
<method>GET</method>
<method>POST</method>
</allowed-methods>
</cors>
</inbound>
<backend>
<!-- base: Begin Product scope -->
<!-- base: Begin Global scope -->
<forward-request />
<!-- base: End Global scope -->
<!-- base: End Product scope -->
</backend>
<outbound />
<on-error />
</policies>
如果我用 C# 调用 API,它就可以工作。然后,我创建了一个简单的JavaScript来调用API,但没有办法避免CORS
。我尝试了不同的 JavaScript
<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
</head>
<body>
<script>
var url = '';
var headerKey = 'subscription-Key';
var headerValue = 'e1e21';
$.ajax({
url: url,
beforeSend: function(xhrObj){
// Request headers
xhrObj.setRequestHeader("Origin","https://www.puresourcecode.com/");
xhrObj.setRequestHeader("Access-Control-Allow-Origin","https://www.puresourcecode.com/");
xhrObj.setRequestHeader("Access-Control-Request-Method","GET");
xhrObj.setRequestHeader("Access-Control-Allow-Credentials","true");
xhrObj.setRequestHeader("Access-Control-Request-Headers","X-Custom-Header");
xhrObj.setRequestHeader("Access-Control-Allow-Headers","Origin, Content-Type, Accept, Authorization, X-Request-With");
xhrObj.setRequestHeader(headerKey,headerValue);
},
type: "GET",
contentType: "application/json; charset=utf-8",
})
.done(function(data) {
alert("success");
})
.fail(function() {
alert("error");
});
// jQuery preflight request
$.ajax({
type: "GET",
headers: {headerKey: headerValue},
url: url
}).done(function (data) {
console.log(data);
});
// XMLHttpRequest preflight request
var xhr = new XMLHttpRequest();
xhr.open("GET", url, true);
xhr.setRequestHeader(headerKey, headerValue);
xhr.onload = function () {
console.log(xhr.responseText);
};
xhr.send();
// Fetch preflight request
var myHeaders = new Headers();
myHeaders.append(headerKey, headerValue);
fetch(url, {
headers: myHeaders
}).then(function (response) {
return response.json();
}).then(function (json) {
console.log(json);
});
</script>
</body>
</html>
他们都失败了,因为CORS
。我尝试添加preflight-result-max-age="300"
并还指定了allowed-headers
就像我用来传递订阅密钥但没有成功的那样。我还尝试将此文件复制到我的服务器中,但出现相同的错误。
As origin
I set *
因为我认为这样每个 URL 的每个请求都会被接受,但显然不会。
在 Azure API 管理中应用的正确设置是什么以避免CORS
?