C# 添加自定义响应头；当服务调用引发异常时，标头将丢失

我的global.asax.cs中有以下代码，用于为某些域启用跨域AJAX请求：

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        string whiteList =
            System.Configuration.ConfigurationManager.AppSettings["AjaxCrossDomainWhitelist"];

        if (!string.IsNullOrWhiteSpace(whiteList))
        {

            string[] whiteListDomains = whiteList.Split(';');

            string origin = Request.Headers["origin"];

            if (!string.IsNullOrEmpty(origin))
            {
                origin = origin.ToLower();

                foreach (string domain in whiteListDomains)
                {
                    if (domain.ToLower() == origin)
                    {
                        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", domain);
                        break;
                    }
                }
            }



            if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
            {

                //These headers are handling the "pre-flight" OPTIONS call sent by the browser
                HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
                HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
                //Access Control policy has a lifetime of one hour
                HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "3600");
                HttpContext.Current.Response.End();
            }
        }

    }

当网站上调用的其中一个web服务成功返回时，“Access Control Allow Origin”标头将成功发送，一切正常。但是，当服务调用导致异常时；“Access Control Allow Origin”头仍然添加到HttpContext.Response中；我通过捕获应用程序请求并检查Response.Headers集合来确认了这一点。然而，当我在Firebug、Chrome Dev Tools或Charles中检查发送的响应时，“Access Control Allow Origin”标题没有发送，我不知道为什么

---

有指针吗？

创建一个HTTP模块，并在web.config中注册它，而不是在global.asax中注册