problem
The signalr integrated into asp.net core mvc procedures, according to the official demo configuration is complete, but the connection has been established using a demo page displays the following information.
|
1
|
access to xmlhttprequest at
'http://localhost:8090/signalr-mychathub/negotiate'
from origin
'null'
has been blocked by cors policy: response to preflight request doesn
't pass access control check: the value of the '
access-control-allow-origin
' header in the response must not be the wildcard '
*
' when the request'
s credentials mode
is
'include'
. the credentials mode of requests initiated by the xmlhttprequest
is
controlled by the withcredentials attribute.
|
Original code:
|
1
2
3
4
5
6
7
8
9
10
|
services.addcors(op =>
{
op.addpolicy(monitorstartupconsts.defaultcorspolicyname,
set
=>
{
set
.allowanyorigin()
.allowanyheader()
.allowanymethod()
.allowcredentials();
});
});
|
the reason
The problem occurs because the policy is due cors set incorrectly caused the original settings I allow all sources of origin. However, due to limitations dotnetcore 2.2, unusable allowanyorigin() + allowcredentials() combination, only explicitly specify the source of origin, or indirect effects in the following manner.
solve
Change cors configuration, in corspolicybuilder providing a method for configuring a validation logic. The method name is called setisoriginallowed(func<string, bool> isoriginallowed), the commission will verify the origin of incoming source, if the verification is returned true.
Here we just need to set it to always return true to.
The final code is as follows:
|
1
2
3
4
5
6
7
8
9
10
|
services.addcors(op =>
{
op.addpolicy(monitorstartupconsts.defaultcorspolicyname,
set
=>
{
set
.setisoriginallowed(origin =>
true
)
.allowanyheader()
.allowanymethod()
.allowcredentials();
});
});
|