Add content about enabling CORS for SignalR without applying the policy globally. #12918
Description
I encountered a situation where the CORS policy used for SignalR could not be enabled as the middleware default for the entire application. Instead I needed to use a specific policy only for the requests to the SignalR hubs.
Maybe it would be helpful to add a subsection about "Cross-origin resource sharing" that describes how to branch the request pipeline in order to apply a CORS policy specifically for SignalR, which would then allow an application to use attributes to enable CORS elsewhere instead of using middleware.
public void Configure(IApplicationBuilder app)
{
...
app.Map("/hubs", config =>
{
// Must be called before mapping SignalR hubs
config.UseCors(builder =>
{
builder.WithOrigins("https://myorigin:5000")
.WithMethods("Get", "Post")
.AllowAnyHeader()
.AllowCredentials();
});
config.UseSignalR(routes =>
{
routes.MapHub<ChatHub>("/chat");
});
});
}Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 8af11946-ea05-3be2-6fa1-c4c01aa76d8c
- Version Independent ID: 58e87eb0-240b-ab00-c5f4-32a0ab2e0028
- Content: Security considerations in ASP.NET Core SignalR
- Content Source: aspnetcore/signalr/security.md
- Product: aspnet-core
- Technology: aspnetcore-signalr
- GitHub Login: @bradygaster
- Microsoft Alias: anurse