-
Notifications
You must be signed in to change notification settings - Fork 446
SignalR Javascript client CORS issue 'Access-Control-Allow-Origin' header in the response must not be the wildcard #2095
Comments
I have set the Allowed Origins in the Azure Web App to http://localhost:12345 And specifying the origin in Startup.cs:
And now the error:
|
I think it might be because you have both the ASP.NET Core CORS feature and the Azure Web Apps CORS feature, and I think you probably haven't properly specified all the configuration options in the Azure one. Can you try removing all the settings from the Azure portal's CORS settings and try again? The fact that the response headers don't include If that doesn't fix it, let me know and we can keep digging. |
+@HaoK who's done some verification of SignalR and CORS. |
I'll take a look as well @davenewza as a reference point, I got Cors working without Azure in the picture a few days ago using preview 2 bits with https://github.com/HaoK/Random/tree/master/SignalRStuff/CorsServer and https://github.com/HaoK/Random/tree/master/SignalRStuff/CorsClient |
@anurse I have deleted all settings from the Azure Web App CORS configuration and have reverted to my initial CORS configuration in Startup.cs (allow everything). Now getting a 204 from the negotiate endpoint! And it appears to be delivered from Kestrel as well. But this error still comes up in Chrome:
|
Can you post your complete |
I'm experiencing the same issue. Startup.cs looks like this And in my angular client app, which is hosted on localhost:4200 I do: `const hubConnectuion = new HubConnection("http://localhost:54496/signalr");
And I'm still getting |
Ok looks like moving Cors configuration to Configure method in Startup.cs solved the problem: public void Configure(IApplicationBuilder app, IHostingEnvironment env) |
@Maciejszuchta In your earlier code, were you referencing the named policy @davenewza are you still encountering this issue? We haven't had any update from you since my earlier request for your Startup.cs code. |
@anurse I can confirm that it is working now. I assumed that it was due to an update to the package on NPM, but I see there hasn't been a new version. We did remove all CORS settings from the Web App's configuration and our startup looks something as follows:
|
Ok, sounds like maybe the Azure Web App CORS settings were conflicting with the ones in ASP.NET Core. |
I was experiencing the same issue after upgrading my server to the latest <PackageReference Include="Microsoft.AspNetCore.SignalR" Version="1.0.0-rc1-final" /> due to having to upgrade my client package to "@aspnet/signalr": "1.0.0-rc1-update1" I can also confirm that removing all settings from the CORS section of my Azure API Service resolved the issue. |
Sounds like this issue is because of how Azure's CORS settings work. It looks like it doesn't properly support allowing credentials. I'm going to close this issue since this isn't something SignalR can control. |
I am also having the issue as Given below while using angular 5 and .net Core Web API My Startup.cs file in .net Core web Api is public class Startup
|
The 204 request is expected, it's the CORS pre-flight request checking the access control headers associated with the URL. Can you provide a full network trace from Chrome rather than just screenshots? We need to see much more detail about the requests to identify a possible issue. |
Request Header:: OPTIONS /TicketManagerHub/negotiate HTTP/1.1 Response Header:: HTTP/1.1 204 No Content |
I have opened connection in client like:
|
@anurse Is there any problem in connection ?? |
Receiving this error message as per previous posters:
This is the code for my Startup.cs in my API that contains the CORS policy ` public void ConfigureServices(IServiceCollection services)
The hub javascript is setup like this:
I'm attaching my HAR file. |
@anurse Not sure if this issue is considered still open, since the last comment before mine implies something is ongoing. |
@littleowlnest Is ASP.NET Core the only system handling CORS requests? I ask because the HAR file you sent does not show the |
@anurse Yes, it is the only thing handling CORS. It's not running on Azure. I've tried setting CORS using a policy and without i.e. defining the policy in Tried having it I might try some other CORS requests outside of SignalR and see if they yield the same results. It would lead me to determine if this is actually a SignalR issue or a CORS issue. Will revert once done. |
@anurse I'm putting this down to a local environment issue, maybe an interaction between Kestrel and IIS?! I updated the logging to try and provide more information and also changed the name of the log file along the way. I noticed that it didn't change, leading to the conclusion that the new code was never been in play to correct the CORS config. Recycled the IIS app pool and that resolved the stale binaries (although IIS would have already restarted multiple times). Ran into a websockets error, which was quickly resolved by adding it to IIS. Thanks for your help, consider anything I had on this issue resolved. |
Same problem here after updating from |
I am getting 405 status My startup.cs public class Startup
And i am using .netCore 2.1 |
My Application is Here , |
App works for me. Can you follow the diagnostic guide to gather HAR files https://github.com/aspnet/SignalR/wiki/Diagnostics-Guide#network-traces and https://github.com/aspnet/SignalR/wiki/Diagnostics-Guide#attaching-diagnostics-files-to-github-issues |
@Saravanan109587 Your server works flawlessly, and your client issues don't seem to be related to SignalR. |
@eduherminio now i am getting 204 status as previous |
@BrennanConroy i have included my network Trace here |
As I posted in that PR, and in case anyone else can find it useful, I updated my simple example of a server and two clients (C#, JS), which you can use to test your own ones as suggested. I managed to connect to your server using my client without major issues. |
@eduherminio i am using angular client @aspnet/signalr: "^1.0.0",, I couldn't find version 1.0.2 |
I cannot understand what this 204 status code means here,Can any one clarify that. |
@BrennanConroy What I didn't know ist that:
from your posted doc I removed ALLOWED ORIGINS from CORS in App Service (Azure Portal) and enabled CORS in In API App Service the setting is now empty: In Hope you can help me. |
That error appears unrelated to CORS configuration. Also, since this issue is closed, I recommend you open a new one since it's very easy for discussions on closed issues to get lost (since they are closed and not part of our regular triage and bug review process). Could you use the Diagnostics Guide to collect server and client-side logs as well as a network trace and file a new bug with your question? |
@anurse Sure. Thanks for the guidance. |
@enginnerFrankLiu Your request comes from
and that in
before app.UseMvc(); And remove the customHeader setting for |
@ericbrunner firstly thanks your attention for my issue; it does't work; I use switchHost to switch http://gameservice.com:8060 to localhost,that means http://gameservice.com:8060 ==127.0.0.1:8000; you can see pic: Access-Control-Allow-Origin:127.0.0.1:8000 ps: I user asp.net mvc 5 no ConfigureServices method what should i do next ? it really make me so pain.....help |
I guess you are in the wrong forum. MVC5 is not ASP.NET CORE and thereforr not Asp.Net Core SignalR. Have you tried setting http://gameservice.com:8060/ in your CORS HEADER von server side? |
I use wepback to build the dev; the default host is :127.0.0.1:8000; my api is http://gameservice.com:8060/(127.0.0.1:8060) I update webconfig set Access-Control-Allow-Origin value="*" or value="http://127.0.0.1:8000" all api work well, resovle the corss domain ;but signalr run into corss domain problem: if i put url(http://gameservice.com:8060/signalr/DashBoardUserHub/negotiate) in web brower, the singalr work well, “MVC5 is not ASP.NET CORE” ; you are right; my situation is mvc5 + using Microsoft.AspNet.SignalR; + @aspnet/signalr i don't whether is compatible or not; |
add Access-Control-Allow-Credentials" value="true" to webconfig resovle the cross domain problem, thanks for your attention for my issue~ |
This is not compatible. If your server is using the |
Same issue here, my setup:
No matter what, the CORS policy doesn't seem to apply. I was doing it off the official tutorial https://docs.microsoft.com/en-us/aspnet/core/tutorials/signalr?view=aspnetcore-2.1&tabs=visual-studio and then went to Next Steps section in the bottom that talks about CORS only to find out it doesn't work. |
Could you make a new issue and provide some code showing your CORS setup and describe the issue you're having. |
@graforlock Try that, should work. In
and that in
Remove CORS setting from Azure App Service if hosted there. |
I am trying this locally. Still doesn't work, setting AllowAnyOrigin causes CORS exception just as withOrigins. Looks like CORS policy is not applied at all. |
|
Yes locally via localhost, but different apps, and ports is still CORS. I am trying to replicate a real production scenario, not making a backend for frontend style application. Point 2. is beyond question, I have no intent working on Windows just because it works there. But what I might try to do is to create a minimal example and post the issue, but its some work, so probably later today. Here, we would probably see whether the issue is Mac, if this works for you. |
@graforlock If you are still seeing this issue, please file a new issue and include the content of your Startup.cs. The CORS scenario you describe should absolutely work fine in macOS, reproducing on Windows is not necessary. |
@graforlock I am a user like you, just wanted to help. I disconnect now. I had some proxy server issues on Mac |
I are unable to connect to our SignalR hub, hosted on Azure App Service, using the JavaScript client found here: https://docs.microsoft.com/en-us/aspnet/core/signalr/javascript-client?view=aspnetcore-2.1
Startup.cs looks something like this:
I am using the latest 2.1.0-preview2-final libraries.
Allowed origins is set to "*" in the Web App and websockets are enabled:
I am able to connect just fine to this hub using the C# client.
The text was updated successfully, but these errors were encountered: