52

I have a MVC project in which I have a couple of JSON controller methods I want to expose cross domain. Not the entire site, just these two methods.

I basically want to to the exact thing stated in this post for cors:

http://enable-cors.org/server_aspnet.html

However, the problem is that I have a regular MVC project and not a WEB API, meaning, that I cannot follow the steps regaring the register 

public static void Register(HttpConfiguration config)
{
    // New code
    config.EnableCors();
}

method since it is not present in my MVC project.

Is there a way to use this library although it is a MVC project?

I'm aware of that I can config this through web.config using:

<httpProtocol>
      <customHeaders>
        <clear />
        <add name="Access-Control-Allow-Origin" value="http://www.domain.com" />
      </customHeaders>
</httpProtocol>

But I don't want to expose all methods, and I want to specify more than one domain (2 domains) to have access to my methods...

Liam
  • 27,717
  • 28
  • 128
  • 190
user4309587
  • 551
  • 1
  • 4
  • 6
  • 2
    possible duplicate of [Setting Access-Control-Allow-Origin in ASP.Net MVC - simplest possible method](http://stackoverflow.com/questions/6290053/setting-access-control-allow-origin-in-asp-net-mvc-simplest-possible-method) – Daniel A. White Nov 30 '14 at 21:07
  • Yes, I have seen that, but that is basically the same thing as adding The only problem is that I want to state 2 domains that have access to my json service, not just all (*) or 1 specific.... – user4309587 Nov 30 '14 at 21:11

1 Answers1

73

As described in here: Setting Access-Control-Allow-Origin in ASP.Net MVC - simplest possible method

You should just create an action filter and set the headers there. You can use this action filter on your action methods wherever you want. 

public class AllowCrossSiteJsonAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
        base.OnActionExecuting(filterContext);
    }
}

If you want to add multiple domains, you can't just set the header multiple times. In your action filter you will need to check if the requesting domain is from your list of domains and then set the header.

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var domains = new List<string> {"domain2.com", "domain1.com"};

        if (domains.Contains(filterContext.RequestContext.HttpContext.Request.UrlReferrer.Host))
        {
            filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*");
        }

        base.OnActionExecuting(filterContext);
    }
Community
  • 1
  • 1
Vsevolod Goloviznin
  • 12,074
  • 1
  • 49
  • 50
  • 1
    Tjis is useful because then I can limit it for only the methods I want to expose, however, I want to allow two different domains..not all (*) and not just one (www.domain.com) Can I add more than one header for origin? Forexample: filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allo‌​w-Origin", "domain1.com"); filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allo‌​w-Origin", "domain2.com"); – user4309587 Nov 30 '14 at 21:39
  • 1
    @user4309587 couldn't you get the domain from `Request` then conditionally add the correct header value? – Jasen Nov 30 '14 at 21:40
  • Great answer! thank you very much...my rep doesn't allow me to guve you a vote though...:( – user4309587 Nov 30 '14 at 21:42
  • did the domaincheck like this... if (!String.IsNullOrEmpty(domains.FirstOrDefault(s => s.Contains(filterContext.RequestContext.HttpContext.Request.UrlReferrer.Host)))) //(filterContext.RequestContext.HttpContext.Request.UrlReferrer.Host)) – user4309587 Dec 01 '14 at 21:01
  • @HelloWorld probably you have wrong setup somewhere. Unfortunately, I can't check it atm – Vsevolod Goloviznin Feb 11 '16 at 15:20
  • The first snippet doesn't compile for me in MVC 5. There is no `HttpContext` property on `filterContext.RequestContext`. – Ergwun Apr 14 '16 at 07:37
  • @Ergwun unfortunately I don't have mvc5 installed so I can't check where you can get access to Response. But essentially you need to add a new header somehow. – Vsevolod Goloviznin Apr 14 '16 at 07:45