Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
SignalR/CORS: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’ #4457
Describe the bug
Taking a look at the request I have the following
So the server sends out a '*' instead of just sending out the origin from which the request came. The app needs to allow all origins since our users can add a chat to their own site.
In my Startup.cs I have defined CORS rules as follows
Mind that this was working on 2.1.6 and earlier versions.
In the client side code I can get the chat to work if I set skipNegotiation to true, like this
Been reading through so many threads and I just can't get this to work again, anyone have any ideas as to might be causing it?
Steps to reproduce the behavior:
To not recieve the CORS error, instead have the server return the allowed origin as a URL instead of wildcard '*' since this won't work with credentials, which is needed for SignalR as I understand it (for sticky cookies)
As far as your actual problem, in 2.2
Thank you @BrennanConroy
That's quite bad news then since SignalR requires credentials by default and my app has lots of users with lots of different origins they are calling my app from. Do you have any suggestion for what would be a good solution for this, can the credentials requirements for SignalR be disabled for example (and then removed from my Startup.cs)?
Adding all origins separately is unfortunately not an option as I see it with how our app is working.
EDIT: Oh and also, been searching, but are there any updated documentation regarding these changes for CORS available?
Hmm, OK - can't say I have any deeper knowledge on how to do that but thanks I'll start reading up on how to do it!
The app offers users to place chat widgets on their sites, it's a SaaS so users can then over at our app chat with users on their site
An update regarding this. Thank you so much for sending me the right way! I implemented a custom CORS middleware and now everything is working just as before. For reference is anyone else stumbles upon the same problem: https://stackoverflow.com/questions/44379560/how-to-enable-cors-in-asp-net-core-webapi