Cors with SignalR - 解决“The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' 错误
Cors with SignalR - solving the "The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' error
我正在使用 Angular 2 和 ASP.NET Core with SignalR。
我遇到如下错误:
XMLHttpRequest cannot load
http://localhost:55916/signalr//signalr/negotiate?clientProtocol=1.5&connectionData=%5B%7B%22name%22%3A%22event%22%7D%5D&_=1486394845411.
The value of the 'Access-Control-Allow-Origin' header in the response
must not be the wildcard '*' when the request's credentials mode is
'include'. Origin 'http://localhost:8080' is therefore not allowed
access. The credentials mode of requests initiated by the
XMLHttpRequest is controlled by the withCredentials attribute.
这是我的应用配置:
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["data:secretKey"]));
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseCors(config =>
config.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
app.UseWebSockets();
app.UseSignalR("/signalr");
app.UseMvc();
}
我也有 Angular 2 SignalR 服务
constructor(){
//setups...
this.connection = $.hubConnection(this.baseUrl + 'signalr/');
this.proxy = this.connection.createHubProxy(this.proxyName);
this.registerOnServerEvents();
this.startConnection();
}
正在注册服务器事件:
private registerOnServerEvents(): void {
this.proxy.on('FoodAdded', (data: any) => {
debugger;
this.foodchanged.emit(data);
});
this.proxy.on('FoodDeleted', (data: any) => {
debugger;
this.foodchanged.emit('this could be data');
});
this.proxy.on('FoodUpdated', (data: any) => {
debugger;
this.foodchanged.emit('this could be data');
});
this.proxy.on('SendMessage', (data: ChatMessage) => {
debugger;
console.log('received in SignalRService: ' + JSON.stringify(data));
this.messageReceived.emit(data);
});
this.proxy.on('newCpuValue', (data: number) => {
debugger;
this.newCpuValue.emit(data);
});
}
错误从头开始。
只要您的应用程序中使用了凭据安全性,您就应该指定 CORS 请求可能来自您的服务器的域:
app.UseCors(config => config.WithOrigins("http://localhost:8080"));
如果您允许来自世界上任何域的 CORS 请求,则凭据安全性的价值会大大降低。这就是错误消息告诉我们的内容。
这对我有用
app.UseCors(config => config.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin().AllowCredentials());
必须添加 AllowCredentials 选项
我明白了。在客户端设置连接时,我必须添加
withCredentials
属性 为假
因此代码如下所示:
private startConnection(): void {
this.connection.start({ withCredentials: false }).done((data: any) => {
this.connectionEstablished.emit(true);
this.connectionExists = true;
}).fail((error: any) => this.connectionEstablished.emit(false));
}
我正在使用 Angular 2 和 ASP.NET Core with SignalR。
我遇到如下错误:
XMLHttpRequest cannot load http://localhost:55916/signalr//signalr/negotiate?clientProtocol=1.5&connectionData=%5B%7B%22name%22%3A%22event%22%7D%5D&_=1486394845411. The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:8080' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
这是我的应用配置:
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration["data:secretKey"]));
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
app.UseCors(config =>
config.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
app.UseWebSockets();
app.UseSignalR("/signalr");
app.UseMvc();
}
我也有 Angular 2 SignalR 服务
constructor(){
//setups...
this.connection = $.hubConnection(this.baseUrl + 'signalr/');
this.proxy = this.connection.createHubProxy(this.proxyName);
this.registerOnServerEvents();
this.startConnection();
}
正在注册服务器事件:
private registerOnServerEvents(): void {
this.proxy.on('FoodAdded', (data: any) => {
debugger;
this.foodchanged.emit(data);
});
this.proxy.on('FoodDeleted', (data: any) => {
debugger;
this.foodchanged.emit('this could be data');
});
this.proxy.on('FoodUpdated', (data: any) => {
debugger;
this.foodchanged.emit('this could be data');
});
this.proxy.on('SendMessage', (data: ChatMessage) => {
debugger;
console.log('received in SignalRService: ' + JSON.stringify(data));
this.messageReceived.emit(data);
});
this.proxy.on('newCpuValue', (data: number) => {
debugger;
this.newCpuValue.emit(data);
});
}
错误从头开始。
只要您的应用程序中使用了凭据安全性,您就应该指定 CORS 请求可能来自您的服务器的域:
app.UseCors(config => config.WithOrigins("http://localhost:8080"));
如果您允许来自世界上任何域的 CORS 请求,则凭据安全性的价值会大大降低。这就是错误消息告诉我们的内容。
这对我有用
app.UseCors(config => config.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin().AllowCredentials());
必须添加 AllowCredentials 选项
我明白了。在客户端设置连接时,我必须添加
withCredentials
属性 为假
因此代码如下所示:
private startConnection(): void {
this.connection.start({ withCredentials: false }).done((data: any) => {
this.connectionEstablished.emit(true);
this.connectionExists = true;
}).fail((error: any) => this.connectionEstablished.emit(false));
}