(616) 371-1037

[email protected]

Breaking change in AspNetCore 2.2 for SignalR and CORS

December 6, 2018 - John Waters

No Comments

To get authenticated SignalR hubs to work, you need to allow credentials in CORS, so your aspnetcore code might look like this:

As of 2.2. you can no longer combine AllowAnyOrigin and AllowCredentials! You will see a warning in the debug output:

This warning actually breaks SignalR – the preflight OPTIONS request fails, and POST /<hubname>/negotiate never happens. Your clients no longer connect to your hubs.

I was able to fix this by spelling out the allowed origins instead (I actually put the allowed origin in appSettings, and read from there, so it can vary for local dev, test and prod) :

Sneaky change! Hope this helps you! You can find a wealth of info on CORS and AspNetCore here.

John Waters

Leave a comment

Your email address will not be published. Required fields are marked *