private void CheckCORS(HttpContext context)
{
if (QueryTool.IsAllowCORS())
{
if (context.Request.HttpMethod == "OPTIONS")
{
context.Response.StatusCode = 204;
context.Response.AppendHeader("Access-Control-Allow-Method", "GET,POST,PUT,DELETE");
context.Response.AppendHeader("Access-Control-Allow-Origin", "*");
if (context.Request.Headers["Access-Control-Allow-Headers"] != null)
{
context.Response.AppendHeader("Access-Control-Allow-Headers", context.Request.Headers["Access-Control-Allow-Headers"]);
}
else if (context.Request.Headers["Access-Control-Request-Headers"] != null)
{
context.Response.AppendHeader("Access-Control-Allow-Headers", context.Request.Headers["Access-Control-Request-Headers"]);
}
context.Response.End();
}
else if (context.Request.UrlReferrer == null || context.Request.Url.Authority != context.Request.UrlReferrer.Authority)
{
//跨域访问
context.Response.AppendHeader("Access-Control-Allow-Origin", "*");
context.Response.AppendHeader("Access-Control-Allow-Credentials", "true");
}
}
}
