Arash

Reputation: 4260

Response to preflight request doesn't pass access control check in signalR

The application has been working flawlessly in .net core 2.1. The signalR server's configuration looks like the following code snippet in public void ConfigureServices(IServiceCollection services) method:

```
// Registered in ConfigureServices: any origin, method and header, with credentials allowed
services.AddCors(setupAction =>
    setupAction.AddPolicy("MyPolicy",
        builder => builder
            .AllowAnyOrigin()
            .AllowAnyMethod()
            .AllowAnyHeader()
            .AllowCredentials()));
```

And in Configuration method I have the following code snippet:

```
app.UseCors("MyPolicy");
```

The angular client app's code starts the connection like the following code snippet:

```
this._connection = this._connection || new HubConnectionBuilder()
        .withUrl('https://localhost:44314/xyz/test?abc=123', options)
        .build();
```

As I said, this setup has always been working fine. I upgraded the .net core application (signalR server) from 2.1 to 2.2 (dotnetcore SDK ver 2.2.101) and I upgraded the signalR client package to 1.1.0. The signalR server serves an angular app and another C# application. The C# application connects to the signalR server perfectly and it does whatever it's supposed to do but the angular app produces the following error message:

```
Access to XMLHttpRequest at 'https://localhost:44314/xyz/test/negotiate?abc=123' from origin 'https://localhost:44303' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
```

The signalR client's version is 1.1.0 in both angular app and the C# client application.

Any reasons why such an upgrade to .net core 2.2 causes this communication failure and what the possible solution is?!

Upvotes: 0

Views: 4482

Answers (2)

Arash

Reputation: 4260

There are two solutions for this problem; one can pick either of them:

Solution 1: Either specify the CORS origin explicitly.

Solution 2: Or write a middleware to produce the expected headers.

Further info found here:

https://github.com/aspnet/AspNetCore/issues/4457

Upvotes: 1

Antoniossss

Reputation: 32517

As you can see, the browser explains clearly what is wrong. You cannot use allowAnyOrigin (that's Access-Control-Allow-Origin: * in response with allowCredentials). Either narrow down the origin access or remove the credentials allowance.

I am not sure if the credentials part is caused by a rule to accept credential headers or by credentials actually being present in the request. You will have to check that out.

> Any reasons why such an upgrade to .net core 2.2 causes this communication failure

Maybe the implementation changed in such a way that internally the mentioned options were mutually exclusive, while now full control is given back to the programmer - but that is only a lucky guess.

Upvotes: 1
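The check behind the browser error quoted in the question, together with the header set that an explicit-origin policy or a custom middleware has to produce, as an added example that is not part of either answer or of ASP.NET Core. The function names and `ALLOWED_ORIGINS` are hypothetical; the origin value is the one from the error message, and the browser check is a simplified model of the Fetch standard's CORS check.

```javascript
// Added example: allow-list header builder plus a model of the browser's CORS check.
// ALLOWED_ORIGINS is an assumption; the origin comes from the error message above.
const ALLOWED_ORIGINS = new Set(['https://localhost:44303']);

// Server side: headers an explicit-origin policy (or a custom middleware) would emit.
// The origin is echoed only when it is on the allow-list, never reflected blindly,
// because reflecting any Origin with credentials lets every site read the response.
function corsHeadersFor(requestOrigin) {
  if (!ALLOWED_ORIGINS.has(requestOrigin)) return {};
  return {
    'access-control-allow-origin': requestOrigin,
    'access-control-allow-credentials': 'true',
    'vary': 'Origin', // the response differs per origin, so caches must key on it
  };
}

// Browser side: simplified CORS check. credentialsMode is 'include' when
// XMLHttpRequest.withCredentials is true.
function passesCorsCheck(requestOrigin, credentialsMode, headers) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) return false;
  if (credentialsMode !== 'include') {
    return allowOrigin === '*' || allowOrigin === requestOrigin;
  }
  // Credentialed request: the wildcard is rejected, the origin must match exactly,
  // and Access-Control-Allow-Credentials must be the literal string "true".
  if (allowOrigin === '*') return false;
  return allowOrigin === requestOrigin &&
         headers['access-control-allow-credentials'] === 'true';
}

// Constructed response matching the failure in the question: wildcard plus credentials.
const WILDCARD_RESPONSE = {
  'access-control-allow-origin': '*',
  'access-control-allow-credentials': 'true',
};
```
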
