using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.Http.Filters; namespace Project1.Application.Web.API { public class CrossSiteAttribute: System.Web.Http.Filters.ActionFilterAttribute { //使用方法: /* 在需要跨域的 action 增加[CrossSite]屬性 例子: [CrossSite] [HttpPost] public HttpResponseMessage GetData() { StringBuilder sb = new StringBuilder(); sb.AppendFormat(@" SELECT p.province as 'name',a.gaidu as 'value' FROM MapQueryDataBySheng a INNER JOIN t_Province p ON a.areaid=p.id"); DataTable dt = SQLHelper.ExecDataTable(sb.ToString(), null); string strJson = DataTableToJsonWithJsonNet(dt); return new HttpResponseMessage { Content = new StringContent(strJson, Encoding.GetEncoding("UTF-8"), "application/json") }; } */ private const string Origin = "Origin"; /// <summary> /// Access-Control-Allow-Origin是HTML5中定義的一種服務器端返回Response header,用來解決資源(比如字體)的跨域權限問題。 /// </summary> private const string AccessControlAllowOrigin = "Access-Control-Allow-Origin"; /// <summary> /// originHeaderdefault的值可以使 URL 或 *,如果是 URL 則只會允許來自該 URL 的請求,* 則允許任何域的請求 /// </summary> private const string originHeaderdefault = "*"; /// <summary> /// 該方法允許api支持跨域調用 /// </summary> /// <param name="actionExecutedContext"> 初始化 System.Web.Http.Filters.HttpActionExecutedContext 類的新實例。</param> public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext) { if (actionExecutedContext != null) { actionExecutedContext.Response.Headers.Add(AccessControlAllowOrigin, originHeaderdefault); } } } }