0

I use SignalR (v2.4.0) in an ASP.NET MVC project with Angular 8 and encounter "Access to XMLHttpRequest at 'https:/demo.com/signalr/negotiate?clientProtocol=2.1&connectionData=' from origin 'http://localhost:20700' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource." error while debugging (also similar error in PROD stage). I have tried to apply fixes on Setting Access-Control-Allow-Origin in ASP.Net MVC - simplest possible method, but most of them not worked or not a global fix. Instead of applying Controller stage, I would prefer a fix globally in Global.asax or Startup.cs (I also tried web.config fixes, but never worked). So, is there any global fix for this problem?

Update: Here is my configuration to fix the problem:

Startup.cs:

using Microsoft.Extensions.DependencyInjection;
using Microsoft.Owin;
using Owin;

[assembly: OwinStartup(typeof(Demo.Web.UI.App_Start.Startup))]
namespace Demo.Web.UI.App_Start
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.MapSignalR();
        }
    }
}

web.config:

<system.webServer>

    <httpProtocol>
        <customHeaders>
            <add name="Access-Control-Allow-Origin" value="http://localhost:20700"/>
            <add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS"/>
            <add name="Access-Control-Allow-Headers" value="Content-Type"/>
        </customHeaders>
    </httpProtocol>    

</system.webServer>
Improve this question

3 Answers 3

Reset to default
1

To work for me I had this in my startup.cs...

In "ConfigureServices" method:

services.AddCors(options => {
         options.AddDefaultPolicy(builder => {
             builder.WithOrigins("https://www.websitename.com").AllowAnyHeader().AllowAnyMethod();
         });
});

In the "Configure" method I had this:

app.UseCors(builder => {
    builder.WithOrigins("https://www.websitename.com").AllowAnyHeader().AllowAnyMethod();
});

Then in my controller I had this attribute:

[EnableCors]
[Route("api/[controller]")]
[ApiController]
public class SampleController : ControllerBase
{
  ...
}

Does that help?

Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

Thanks for your help. BUT, I use ASP.NET MVC and there is no AddCors method. Could you please post whole Startup.cs with using libraries? Additionally, I would prefer a global fix instead of adding [EnableCors("AllowOrigin")] notation to each Controller. Any idea?
You can add the CORS settings in web.config. That's usually how I get it done. gist.github.com/Jalalhejazi/5653347
Modified code above to make it default global policy instead of specifically named policy
@Svend I had already tried as indicated on Setting Access-Control-Allow-Origin in ASP.Net MVC - simplest possible method issue. But I get "The requested page cannot be accessed because the related configuration data for the page is invalid." error and then remove Access-Control-Allow-Methods line. But in this case still encounter "Access to XMLHttpRequest at 'https:/demo.com/signalr/negotiate?clientProtocol=2.1&connectionData=' from origin 'localhost:20700' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource." error. Any idea?
@RobMcCabe I added an Update.
|
1

On your startup.cs:

using Microsoft.Owin.Cors;
using Microsoft.AspNet.SignalR;

...

//Branch the pipeline for requests that start with "/signalr"
app.Map("/signalr", map =>
{
    map.UseCors(CorsOptions.AllowAll);
    var hubConfiguration = new HubConfiguration { };
    hubConfiguration.EnableDetailedErrors = true;
    map.RunSignalR(hubConfiguration);
});
Improve this answer

Comments

0

on Your web.config file change add name="Access-Control-Allow-Origin" value="http://localhost:20700" to add name="Access-Control-Allow-Origin" value="*"

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.