Exporteren (0) Afdrukken
Alles uitvouwen
EN
Deze inhoud is niet beschikbaar in uw taal, maar wel in het Engels.

Cross-origin resource sharing

Updated: January 25, 2014

By default, web browsers prevent cross-domain requests when accessing Microsoft Azure Mobile Services. This helps prevent certain script-based attacks against your mobile service from malicious websites. However, this can also prevent a valid web app running in a browser from accessing your mobile service. Cross-origin resource sharing (CORS) is a way for your mobile service to indicate from which domains requests are permitted. CORS enables JavaScript code running in a browser on an external host to interact with your mobile service. To enable a web app to access your mobile service, you must add the host name to the list of approved host names on the Configure tab.

When adding host names to the list, you should consider the following:

  • Specify just the host or domain name, without the scheme part. For example, enter www.contoso.com instead of http://www.contoso.com.

  • An exact match is required. This means that you must enter both www.contoso.com and contoso.com to allow access from both domains.

  • Wildcards are supported. For example, when you enter *.contoso.com all subdomains of contoso.com will have access. Because of matching rules, you must still enter contoso.com separately.

  • The host name values in Allow requests from host names list apply not only to browsers that support CORS but also to older versions of Internet Explorer that do not support CORS. This list is also used when browser-based clients attempt to authenticate with your mobile service.

  • CORS enables access for web apps running in a browser. Native client apps are able to make requests to your mobile service regardless of the CORS settings.

Weergeven:
© 2014 Microsoft