问题
To connect via SignalR to an ASP.NET Core 2.1 server from any origin, we had to configure the pipeline as follows:
app.UseCors (
builder => builder
.AllowAnyHeader ()
.AllowAnyMethod ()
.AllowAnyOrigin ()
.AllowCredentials ()
)
According to this document, ASP.NET Core 2.2 no longer allows the combination of AllowAnyOrigin and AllowCredentials, so what would be the solution? Whereas the SignalR Core always sends withCredentials:true in the XMLHtppRequest.
What I need is that from any origin and without credentials, our users can connect to the SignalR Hub.
回答1:
There is a workaround, change AllowAnyOrigin to SetIsOriginAllowed:
app.UseCors(builder => builder
.AllowAnyHeader()
.AllowAnyMethod()
.SetIsOriginAllowed(_ => true)
.AllowCredentials()
);
回答2:
I have found a solution. You can try the following code part:
.SetIsOriginAllowed (_ => true)
This worked for me.
回答3:
You can use the "WithOrigins" method passing the origins, maybe read by configuration.
app.UseCors(builder => builder
.AllowAnyHeader()
.AllowAnyMethod()
.WithOrigins(new string[] { "www.example1.com", "www.example2.com" })
.AllowCredentials()
);
If the only string passed is " * " you still have problems with signalR. If you pass many strings and one of them is " * ", it works.
来源:https://stackoverflow.com/questions/53786977/signalr-core-2-2-cors-allowanyorigin-breaking-change