Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

CORS in ASP .NET MVC5

I have a MVC project in which I have a couple of JSON controller methods I want to expose cross domain. Not the entire site, just these two methods.

I basically want to to the exact thing stated in this post for cors:

http://enable-cors.org/server_aspnet.html

However, the problem is that I have a regular MVC project and not a WEB API, meaning, that I cannot follow the steps regaring the register

public static void Register(HttpConfiguration config) {     // New code     config.EnableCors(); } 

method since it is not present in my MVC project.

Is there a way to use this library although it is a MVC project?

I'm aware of that I can config this through web.config using:

<httpProtocol>       <customHeaders>         <clear />         <add name="Access-Control-Allow-Origin" value="http://www.domain.com" />       </customHeaders> </httpProtocol> 

But I don't want to expose all methods, and I want to specify more than one domain (2 domains) to have access to my methods...

like image 498
user4309587 Avatar asked Nov 30 '14 21:11

user4309587


People also ask

How do I enable CORS in asp net web?

In Features View, double-click HTTP Response Headers. On the HTTP Response Headers page, in the Actions pane, click Add. In the Add Custom HTTP Response Header dialog box, type a name, and a value or set of values separated with commas (,) in the Name and Value boxes. Click OK.

What is CORS in ASP NET MVC?

CORS Stands for Cross-Origin Resource Sharing. It is a W3C Standard that allows a server to relax the same-policy. Using CORS, a server can explicitly allow some cross-origin requests while rejecting others.

What is CORS in asp net core?

CORS means cross-origin resource sharing. You'll see more in just a minute, but in a nutshell, CORS is a mechanism—an HTTP protocol, to be exact—that allows web applications to access resources hosted on different domains (or origins.)


1 Answers

As described in here: Setting Access-Control-Allow-Origin in ASP.Net MVC - simplest possible method

You should just create an action filter and set the headers there. You can use this action filter on your action methods wherever you want.

public class AllowCrossSiteJsonAttribute : ActionFilterAttribute {     public override void OnActionExecuting(ActionExecutingContext filterContext)     {         filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");         base.OnActionExecuting(filterContext);     } } 

If you want to add multiple domains, you can't just set the header multiple times. In your action filter you will need to check if the requesting domain is from your list of domains and then set the header.

    public override void OnActionExecuting(ActionExecutingContext filterContext)     {         var domains = new List<string> {"domain2.com", "domain1.com"};          if (domains.Contains(filterContext.RequestContext.HttpContext.Request.UrlReferrer.Host))         {             filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");         }          base.OnActionExecuting(filterContext);     } 
like image 138
Vsevolod Goloviznin Avatar answered Sep 25 '22 01:09

Vsevolod Goloviznin