Signalr CORS issue
For those who had the same issue with Angular, SignalR 2.0 and Web API 2.2,
I was able to solve this problem by adding the cors configuration in web.config and not having them in webapiconfig.cs and startup.cs
Changes Made to the web.config under <system.webServer>
is as below
<httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="http://localhost" /> <add name="Access-Control-Allow-Methods" value="*" /> <add name="Access-Control-Allow-Credentials" value="true" /> </customHeaders></httpProtocol>
You can look at this snippet from here https://github.com/louislewis2/AngularJSAuthentication/blob/master/AngularJSAuthentication.API/Startup.csand see if it helps you out.
public void Configuration(IAppBuilder app) { HttpConfiguration config = new HttpConfiguration(); ConfigureOAuth(app); app.Map("/signalr", map => { // Setup the CORS middleware to run before SignalR. // By default this will allow all origins. You can // configure the set of origins and/or http verbs by // providing a cors options with a different policy. map.UseCors(CorsOptions.AllowAll); var hubConfiguration = new HubConfiguration { // You can enable JSONP by uncommenting line below. // JSONP requests are insecure but some older browsers (and some // versions of IE) require JSONP to work cross domain //EnableJSONP = true EnableDetailedErrors = true }; // Run the SignalR pipeline. We're not using MapSignalR // since this branch already runs under the "/signalr" // path. map.RunSignalR(hubConfiguration); }); WebApiConfig.Register(config); app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); app.UseWebApi(config); Database.SetInitializer(new MigrateDatabaseToLatestVersion<AuthContext, AngularJSAuthentication.API.Migrations.Configuration>()); }
I have faced the CORS issue in MVC.net
The issue is SignalR negoiate XHR request is issued with credentials = include thus request always sends user cookies
The server has to reply back with response header Access-Control-Allow-Credentials set to true
First approach and this is due the help of other people , configure it at web.config
<configuration> <system.webServer> <httpProtocol> <customHeaders> <add name= "Access-Control-Allow-Origin" value="http://yourdomain:port"/> <add name="Access-Control-Allow-Credentials" value = "true"/> </customHeaders> </httpProtocol> </system.webServer></configuration>
Second approach which I fought to make it work is via code using OWIN CORS
[assembly::OwinStartup(typeof(WebHub.HubStartup), "Configuration"]namespace WebHub{public class HubStartUp{ public void Configuration(IAppBuilder app) { var corsPolicy = new CorsPolicy { AllowAnyMethod = true, AllowAnyHeader = true, SupportsCredentials = true, }; corsPolicy.Origins.Add("http://yourdomain:port"); var corsOptions = new CorsOptions { PolicyProvider = new CorsPolicyProvider { PolicyResolver = context => { context.Headers.Add("Access-Control-Allow-Credentials", new[] { "true" }); return Task.FromResult(corsPolicy); } } }; app.Map("/signalR", map => { map.UseCors(corsOptions); var config = new HubConfiguration(); map.RunSignalR(config); }); }}}