CORS error with SignalR using UseCredentials()

As the title says, I have a CORS problem with credentials using SignalR. The error returned is:

Access to fetch at https://localhost:54083/notification/negotiate?negotiateVersion=1 from origin http://localhost:3000 has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the Response is '' which must be 'true' when the request’s credentials mode is 'include'.

My problem is that I've already added the AllowCredentials() method in my Startup.cs, at services.AddCors, and now I've run out of options for how to solve it.

Here are my ConfigureServices and Configure methods from Startup.cs:

public void ConfigureServices(IServiceCollection services)
{
    services.ConfigureCloudFoundryOptions(Configuration);
    services.AddSession();
    services.AddControllersWithViews();
    services.AddControllers();
    services.AddControllers().AddNewtonsoftJson(options =>
        options.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore
    );

    // Named CORS policy: a single allowed origin, with credentials allowed.
    services.AddCors(options =>
    {
        options.AddPolicy("ClientPermission", policy =>
        {
            policy.AllowAnyHeader()
                .AllowAnyMethod()
                .WithOrigins("http://localhost:3000")
                .AllowCredentials();
        });
    });
    services.AddSignalR();

    var key = Encoding.ASCII.GetBytes(Configuration.GetValue<string>("JWT:Key"));

    services.AddAuthentication(x =>
    {
        x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(x =>
    {
        x.RequireHttpsMetadata = false;
        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(key),
            ValidateIssuer = false,
            ValidateAudience = false
        };
        x.Events = new JwtBearerEvents
        {
            OnMessageReceived = context =>
            {
                var accessToken = context.Request.Query["access_token"];

                // If the request is for our hub...
                var path = context.HttpContext.Request.Path;
                if (!string.IsNullOrEmpty(accessToken) &&
                    (path.StartsWithSegments("/notification")))
                {
                    // Read the token out of the query string
                    context.Token = accessToken;
                }
                return Task.CompletedTask;
            }
        };
    });
    services.AddSingleton<IUserIdProvider, NameUserIdProvider>();
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }
    app.UseHttpsRedirection();
    app.UseStaticFiles();

    // The named CORS policy is registered here, before routing.
    app.UseCors("ClientPermission");
    app.UseRouting();
    app.UseSession();
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
        endpoints.MapHub<NotificationHub>("/notification");
    });
}

The frontend is in React and consumes the SignalR service like this:

useEffect(() => {
  const newConnection = new HubConnectionBuilder()
    .withUrl("https://localhost:54083/notification")
    .withAutomaticReconnect()
    .build();

  setConnection(newConnection);
}, []);

useEffect(() => {
  if (connection) {
    console.log(connection);
    connection
      .start()
      .then((result) => {
        console.log("Connected!");

        connection.on("ReceiveMessage", (message) => {
          // Append without mutating state; push() returns the new length, not an array.
          setNotifications((previous) => [...previous, message]);
        });
      })
      .catch((e) => console.log("Connection failed: ", e));
  }
}, [connection]);
  • Have you already tried complementing the CORS policy with the WithMethods argument? Like this: .WithMethods("PUT", "DELETE", "GET", "OPTIONS")

  • @M.Bertolazo I tried that here, but it didn't work. The problem has to do with the lack of a value for Access-Control-Allow-Credentials, not with the methods being sent.

  • Try adding the .WithCredentials parameter to the policy.

  • WithCredentials() is no longer used, apparently.
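
Added example (not part of the original question or its comments): a JavaScript sketch of the checks a browser applies to a preflight response when the request's credentials mode is 'include', which is the check the error message above reports as failing. The function name, the x-requested-with request header and the sample responses are constructed for illustration; only the origin comes from the question.

```javascript
// Added example: checks a browser applies to a CORS preflight response
// when the request's credentials mode is 'include' (Fetch standard).
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

const splitList = (value) =>
  (value || "").split(",").map((s) => s.trim()).filter(Boolean);

function checkCredentialedPreflight(request, response) {
  const h = {};
  for (const [name, value] of Object.entries(response.headers)) {
    h[name.toLowerCase()] = value; // header names are case-insensitive
  }
  const problems = [];

  if (response.status < 200 || response.status > 299) {
    problems.push(`status ${response.status} is not 2xx`);
  }
  // With credentials, the origin must match exactly; '*' is rejected.
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin !== request.origin) {
    problems.push(`Access-Control-Allow-Origin is '${allowOrigin ?? ""}', expected '${request.origin}'`);
  }
  // Must be the exact, case-sensitive string 'true'.
  const allowCredentials = h["access-control-allow-credentials"] ?? "";
  if (allowCredentials !== "true") {
    problems.push(`Access-Control-Allow-Credentials is '${allowCredentials}', must be 'true'`);
  }
  // GET, HEAD and POST never need to be listed; other methods do.
  const methods = splitList(h["access-control-allow-methods"]);
  if (!SAFELISTED_METHODS.has(request.method) && !methods.includes(request.method)) {
    problems.push(`method ${request.method} not in Access-Control-Allow-Methods`);
  }
  // Every header announced in Access-Control-Request-Headers must be allowed.
  const allowed = splitList(h["access-control-allow-headers"]).map((s) => s.toLowerCase());
  for (const name of request.headers) {
    if (!allowed.includes(name.toLowerCase())) problems.push(`header ${name} not allowed`);
  }
  return problems;
}

// Constructed samples: origin from the question, header name assumed.
const request = { origin: "http://localhost:3000", method: "POST", headers: ["x-requested-with"] };
const reported = { status: 204, headers: {
  "Access-Control-Allow-Origin": "http://localhost:3000",
  "Access-Control-Allow-Headers": "x-requested-with" } };
const expected = { status: 204, headers: { ...reported.headers, "Access-Control-Allow-Credentials": "true" } };

console.log(checkCredentialedPreflight(request, reported)); // one problem: missing credentials header
console.log(checkCredentialedPreflight(request, expected)); // no problems
```

To use it on a real case, copy the status and response headers of the OPTIONS request from the browser's network panel into the response object and see which check fails.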

No answers
