private void CheckCORS(HttpContext context) { if (QueryTool.IsAllowCORS()) { if (context.Request.HttpMethod == "OPTIONS") { context.Response.StatusCode = 204; context.Response.AppendHeader("Access-Control-Allow-Method", "GET,POST,PUT,DELETE"); context.Response.AppendHeader("Access-Control-Allow-Origin", "*"); if (context.Request.Headers["Access-Control-Allow-Headers"] != null) { context.Response.AppendHeader("Access-Control-Allow-Headers", context.Request.Headers["Access-Control-Allow-Headers"]); } else if (context.Request.Headers["Access-Control-Request-Headers"] != null) { context.Response.AppendHeader("Access-Control-Allow-Headers", context.Request.Headers["Access-Control-Request-Headers"]); } context.Response.End(); } else if (context.Request.UrlReferrer == null || context.Request.Url.Authority != context.Request.UrlReferrer.Authority) { //跨域访问 context.Response.AppendHeader("Access-Control-Allow-Origin", "*"); context.Response.AppendHeader("Access-Control-Allow-Credentials", "true"); } } }