I am using an XSRF-TOKEN in my project, which works with the following configuration:

    var tokens = _antiforgery.GetAndStoreTokens(context);
    context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken,
        new CookieOptions()
        {
            SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None,
            HttpOnly = false
        });

Besides that, my SignalR configuration is as below:

    app.UseSignalR(routes =>
    {
        routes.MapHub<ChartHub>("/chart");
    });

But naturally the requests from SignalR (WebSockets) get blocked by the antiforgery token because I set the HttpOnly configuration to false. How can I configure SignalR or the ASP.NET Core app to solve this problem?