problem
The signalr integrated into asp.net core mvc procedures, according to the official demo configuration is complete, but the connection has been established using a demo page displays the following information.
1
|
access to xmlhttprequest at
'http://localhost:8090/signalr-mychathub/negotiate'
from origin
'null'
has been blocked by cors policy: response to preflight request doesn
't pass access control check: the value of the '
access-control-allow-origin
' header in the response must not be the wildcard '
*
' when the request'
s credentials mode
is
'include'
. the credentials mode of requests initiated by the xmlhttprequest
is
controlled by the withcredentials attribute.
|
Original code:
1
2
3
4
5
6
7
8
9
10
|
services.addcors(op =>
{
op.addpolicy(monitorstartupconsts.defaultcorspolicyname,
set
=>
{
set
.allowanyorigin()
.allowanyheader()
.allowanymethod()
.allowcredentials();
});
});
|
the reason
The problem occurs because the policy is due cors set incorrectly caused the original settings I allow all sources of origin. However, due to limitations dotnetcore 2.2, unusable allowanyorigin()
+ allowcredentials()
combination, only explicitly specify the source of origin, or indirect effects in the following manner.
solve
Change cors configuration, in corspolicybuilder
providing a method for configuring a validation logic. The method name is called setisoriginallowed(func<string, bool> isoriginallowed)
, the commission will verify the origin of incoming source, if the verification is returned true
.
Here we just need to set it to always return true
to.
The final code is as follows:
1
2
3
4
5
6
7
8
9
10
|
services.addcors(op =>
{
op.addpolicy(monitorstartupconsts.defaultcorspolicyname,
set
=>
{
set
.setisoriginallowed(origin =>
true
)
.allowanyheader()
.allowanymethod()
.allowcredentials();
});
});
|