[英]SignalR Core 2.2 CORS AllowAnyOrigin() breaking change
To connect via SignalR to an ASP.NET Core 2.1 server from any origin, we had to configure the pipeline as follows:要通过 SignalR 从任何来源连接到 ASP.NET Core 2.1 服务器,我们必须按如下方式配置管道:
app.UseCors (
builder => builder
.AllowAnyHeader ()
.AllowAnyMethod ()
.AllowAnyOrigin ()
.AllowCredentials ()
)
According to this document, ASP.NET Core 2.2 no longer allows the combination of AllowAnyOrigin and AllowCredentials, so what would be the solution?根据这个文档,ASP.NET Core 2.2 不再允许 AllowAnyOrigin 和 AllowCredentials 的组合,那么解决方案是什么? Whereas the SignalR Core always sends withCredentials:true in the XMLHtppRequest.
而 SignalR Core 始终在 XMLHtppRequest 中发送 withCredentials:true。
What I need is that from any origin and without credentials, our users can connect to the SignalR Hub.我需要的是,我们的用户可以从任何来源且无需凭据连接到 SignalR Hub。
There is a workaround, change AllowAnyOrigin
to SetIsOriginAllowed
:有一个解决方法,将
AllowAnyOrigin
更改为SetIsOriginAllowed
:
app.UseCors(builder => builder
.AllowAnyHeader()
.AllowAnyMethod()
.SetIsOriginAllowed(_ => true)
.AllowCredentials()
);
I have found a solution.我找到了解决办法。 You can try the following code part:
您可以尝试以下代码部分:
.SetIsOriginAllowed (_ => true)
This worked for me.这对我有用。
You can use the "WithOrigins" method passing the origins, maybe read by configuration.您可以使用传递来源的“WithOrigins”方法,也许可以通过配置读取。
app.UseCors(builder => builder
.AllowAnyHeader()
.AllowAnyMethod()
.WithOrigins(new string[] { "www.example1.com", "www.example2.com" })
.AllowCredentials()
);
If the only string passed is " * " you still have problems with signalR.如果传递的唯一字符串是“*”,则 signalR 仍然存在问题。 If you pass many strings and one of them is " * ", it works.
如果您传递许多字符串并且其中之一是“*”,它就可以工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.