Det här innehållet finns inte tillgängligt på ditt språk men här finns den engelska versionen,

Cross-origin resource sharing


Updated: June 16, 2015

By default, web browsers prevent cross-domain requests when accessing Microsoft Azure Mobile Services. This helps prevent certain script-based attacks against your mobile service from malicious websites. However, this can also prevent a valid web app running in a browser from accessing your mobile service. Cross-origin resource sharing (CORS) is a way for your mobile service to indicate from which domains requests are permitted. CORS enables JavaScript code running in a browser on an external host to interact with your mobile service. To enable a web app to access your mobile service, you must add the host name to the list of approved host names on the Configure tab.

When adding host names to the list, you should consider the following:

  • Specify just the host or domain name, without the scheme part. For example, enter www.contoso.com instead of http://www.contoso.com.

  • An exact match is required. This means that you must enter both www.contoso.com and contoso.com to allow access from both domains.

  • Wildcards are supported. For example, when you enter *.contoso.com all subdomains of contoso.com will have access. Because of matching rules, you must still enter contoso.com separately.

  • The host name values in Allow requests from host names list apply not only to browsers that support CORS but also to older versions of Internet Explorer that do not support CORS. This list is also used when browser-based clients attempt to authenticate with your mobile service.

  • CORS enables access for web apps running in a browser. Native client apps are able to make requests to your mobile service regardless of the CORS settings.