在 mvc4 WebApi 中 json 的 跨域访问
问题:
SEC7120: 在 Access-Control-Allow-Origin 标头中未找到源
解决:
/// <summary>
/// 允许CrossJson
/// </summary>
public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(HttpActionContext actionContext)
{
if (actionContext == null)
{
throw new ArgumentNullException("actionContext");
}
//actionContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");
//HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
//actionContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
base.OnActionExecuting(actionContext);
}
public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
{
if (actionExecutedContext == null)
{
throw new ArgumentNullException("actionExecutedContext");
}
Debug.Assert(actionExecutedContext.Response != null, "actionExecutedContext.Response != null");
Debug.Assert(actionExecutedContext.Response.Headers != null, "actionExecutedContext.Response.Headers != null");
actionExecutedContext.Response.Headers.Add("Access-Control-Allow-Origin", "*");
base.OnActionExecuted(actionExecutedContext);
}
}
要注意的是 “ActionFilterAttribute” 是 System.Web.Http.Filters 命名空间的中, 不是 Mvc中的。
public class UserController : ApiController
{
[AllowCrossSiteJson]
public UserInfo Get()
{
return new UserInfo
{
UserName = ICasAuthenticator.GetName()
};
}
}
这样就好了,
其实Api Controller的代码路径更短了。