2

Working on an app with signalr, managed to solve the cors error with the connection to the API but when trying to connecto to the hub it shows the error below which won't happen when debugging on my local computer even with different port.

Access to fetch at 'http://iisServer:10079/fareg/signalr/negotiate?negotiateVersion=1' from origin 'http://iisServer' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Here is my configuration on the app

        public void ConfigureServices(IServiceCollection services)
    {

        services.AddCors();
        services.AddSignalR();//.AddMessagePackProtocol();

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        //add Windows authentication for http options request
        services.AddAuthentication(IISDefaults.AuthenticationScheme);
        services.AddMvc(config =>
        {
            var policy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .Build();
            config.Filters.Add(new AuthorizeFilter(policy));
        });

        services.AddDbContext<FAContext>(options =>
            options.UseSqlServer(Configuration.GetConnectionString("FADB")));


        
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.UseCors(options =>
        {
            //options.WithOrigins("http://schi-iis1zsus", "http://localhost:4200");
            options.AllowAnyOrigin();
            options.AllowAnyMethod();
            options.AllowAnyHeader();
            options.AllowCredentials();
        });

        app.UseSignalR(routes =>
        {
            routes.MapHub<Hubs.HubFA>("/signalr");
        });

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseHsts();
        }

        app.UseHttpsRedirection();



        app.UseMvc();
    }

Please help, I've looking every where but haven't get a solution to this issue.

Ruben Martinez
  • 35
  • 3
  • Did you install CORS module on IIS? – Bruce Zhang Oct 19 '21 at 03:24
  • https://stackoverflow.com/questions/59468525/access-to-xmlhttprequest-has-been-blocked-origin-asp-net-core-2-2-0-angular-8/59487002#59487002 – Kiril1512 Oct 19 '21 at 08:22
  • Does this answer your question? [Access to XMLHttpRequest has been blocked origin ASP.NET CORE 2.2.0 / Angular 8 / signalr1.0.0 \[(CORS Policy-Access-Control-Allow-Origin) failed\]](https://stackoverflow.com/questions/59468525/access-to-xmlhttprequest-has-been-blocked-origin-asp-net-core-2-2-0-angular-8) – Kiril1512 Oct 19 '21 at 08:23
  • how do you install the CORS module on the IIS? – Ruben Martinez Oct 19 '21 at 21:15
  • Refer to [this docs](https://learn.microsoft.com/en-us/iis/extensions/cors-module/cors-module-configuration-reference) and it has download link. – Bruce Zhang Oct 21 '21 at 07:27

1 Answers1

1

https://learn.microsoft.com/aspnet/core/signalr/security?view=aspnetcore-5.0#cross-origin-resource-sharing

You either need to specify the origins explicitly, or remove AllowCredentials() and set withCredentials to false on the client https://learn.microsoft.com/aspnet/core/signalr/configuration?view=aspnetcore-5.0&tabs=javascript#configure-additional-options-1

Brennan
  • 1,834
  • 1
  • 7
  • 13