我有一个ASP.Net 4.5应用程序,被几个客户使用。该应用程序是在iframe中打开的。目前,应用程序在chrome上运行正常,但IE对所有向服务器发出的ajax请求给出了500错误信息。我们曾经在chrome中得到同样的错误信息,直到我们做了一些CORS更改。以下是对APP.URL重写的更改。
<rewrite>
<outboundRules>
<clear />
<rule name="Add SameSite" preCondition="No SameSite">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; SameSite=None" />
</rule>
<rule name="Add Secure" preCondition="No Secure">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; Secure" />
</rule>
<preConditions>
<preCondition name="No SameSite">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=None" negate="true" />
</preCondition>
<preCondition name="No Secure">
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; Secure" negate="true" />
</preCondition>
</preConditions>
</outboundRules>
<rules>
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="Off" />
<add input="{REQUEST_METHOD}" pattern="^get$|^head$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
这被添加到AppSetting中。
会话状态
<sessionState mode="SQLServer" cookieSameSite="None" allowCustomSqlDatabase="true" ...>
试试这个。
<system.webServer>
<httpProtocol>
<!-- THESE HEADERS ARE IMPORTANT TO WORK WITH CORS -->
<customHeaders>
<add name="Access-Control-Allow-Origin" value="https://yourwebsite.com/error/500" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Content-Type, accept, origin, X-Requested-With, Authorization, name" />
</customHeaders>
</httpProtocol>
</system.webServer>