rest - ColdFusion REST API 启用 CORS

Question

我正在尝试使用 coldfusion 组件构建 REST API，但我不知道如何启用 CORS。我正在使用 IIS 10 和 ColdFusion 2016。我在 IIS 中找不到任何地方可以按照谷歌上的说明配置 CORS，而且我在 CF 管理设置下看不到任何地方可以启用 CORS，所以我想我会尝试在我的API 而不是在每个环境中摆弄配置，我将其部署到(qa、uat、prod)。

这是我的 application.cfc 当前的样子，您可以在 onRequestStart 中看到我正在尝试设置 header (我尝试过两种方法)

<cfscript>
    component output="false" {
        this.name = ....


        public boolean function onApplicationStart() {\
            restInitApplication( ... );
            return true;
        }

        public void function onApplicationEnd(ApplicationScope) {
            return;
        }

        public void function onMissingTemplate(targetPage) {
            return;
        }

        public void function onRequestStart(targetPage) {
            cfheader(name="Access-Control-Allow-Origin", value="*");
            // i've also tried ...
            GetPageContext().getResponse().addHeader("Access-Control-Allow-Origin","*");
        }

        public void function onSessionStart() {
            return;
        }

        public void function onSessionEnd(sessionScope, applicationScope) {
            return;
        }
    }
</cfscript>

Answer 1

我建议安装 IIS CORS 模块 - reference .以下是该引用资料的片段:

Functionality Overview
The Microsoft IIS CORS Module is an extension that enables web sites to support the CORS(Cross-Origin Resource Sharing) protocol.

The IIS CORS module provides a way for web server administrators and web site authors to make their applications support the CORS protocol. With this module, developers can move CORS logic out of their applications and rely on the web server. The module's handling of CORS requests is determined by rules defined in the configuration. These CORS rules can be easily defined or configured making it simple to delegate all CORS protocol handling to the module.

IIS CORS module is a server-side CORS component
The CORS protocol governs client/server communication. Usually, web browsers act as the client-side CORS component, while the IIS server works as the server-side CORS component with the help of the IIS CORS module.

A CORS request occurs when a protocol aware client, such as a web browser, makes a request to a domain (origin) that differs from the current domain. This scenario is known as a cross-origin request. When CORS is not used, cross-origin requests will be blocked by the client. When the CORS module is used, IIS will inform clients whether a cross-origin request can be performed based on the IIS configuration.

不要尝试从 ColdFusion 实现它，让网络服务器做它设计的事情。安装模块后，您可以在 web.config 文件中为任何/所有 IIS 站点创建所需的规则。

示例配置文件:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
    <cors enabled="true" failUnlistedOrigins="true">
        <add origin="*" />
        <add origin="https://*.microsoft.com"
             allowCredentials="true"
             maxAge="120"> 
            <allowHeaders allowAllRequestedHeaders="true">
                <add header="header1" />
                <add header="header2" />
            </allowHeaders>
            <allowMethods>
                 <add method="DELETE" />
            </allowMethods>
            <exposeHeaders>
                <add header="header1" />
                <add header="header2" />
            </exposeHeaders>
        </add>
        <add origin="http://*" allowed="false" />
    </cors>
</system.webServer>
</configuration>

You can download the IIS CORS module from here.