Weird behavior of CORS with signalR and ASP.NET MVC 3

Question

I'm using signalR 0.5.3, my web application is located at localhost:1234, my hub is at localhost:5678, which means same host name and different ports. Both are on IIS 7 Express, Windows 7.

When I add this to web.config of my hub server.

<add name="Access-Control-Allow-Origin" value="*" />

The Google Chrome's console yells:

 The 'Access-Control-Allow-Origin' header contains the invalid value 'http://localhost:1234, *'.

But when I remove that config, it yells:

No 'Access-Control-Allow-Origin' header is present on the requested resource.

I searched all over the solution to make sure that there was nowhere to have

Response.AppendHeader("Access-Control-Allow-Origin", "*");

or

map.UseCors(CorsOptions.AllowAll);

Does anyone know why hub server keeps returning 2 orgins and how to tell it to do the right job?

Thanks in advance.

Answer 1

To enable cross-domain SignalR requests with SignalR 0.5.3, you should call MapHubs as follows:

RouteTable.Routes.MapHubs(new HubConfiguration() { EnableCrossDomain = true });

Manually manipulating the Access-Control-Allow-Origin header is likely to cause problems since SignalR will set the header for you if you enable cross-domain access in MapHubs.

IAppBuilder.UseCors is OWIN middleware provided by the Microsoft.Owin.Cors NuGet package. This middleware is not compatible with SignalR 0.5.3, but can be used with newer versions of SignalR which don't have the EnableCrossDomain option.

I go over some other common SignalR cross-domain pitfalls in the following answer: Cross-domain will not work with a SignalR PersistentConnection