Cors with SignalR - solving the "The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' error
I figured it out. While setting connection in client side I had to add
withCredentials
property to false
So the code looks like:
private startConnection(): void {
this.connection.start({ withCredentials: false }).done((data: any) => {
this.connectionEstablished.emit(true);
this.connectionExists = true;
}).fail((error: any) => this.connectionEstablished.emit(false));
}
This worked for me
app.UseCors(config => config.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin().AllowCredentials());
Got to add the AllowCredentials option
As long as credentials security is used in your application you should specify domain(s) from which CORS requests may come to your server:
app.UseCors(config => config.WithOrigins("http://localhost:8080"));
Value of credentials security is greatly reduced if you're allowing CORS requests from any domain in the world. That is what error message telling us.