110 lines
3.3 KiB
C#
110 lines
3.3 KiB
C#
#define snippet2 // snippet1
|
|
using Microsoft.AspNetCore.Builder;
|
|
using Microsoft.AspNetCore.Hosting;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.AspNetCore.SignalR;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
using System.Collections.Generic;
|
|
using System.Net;
|
|
using System.Threading.Tasks;
|
|
|
|
namespace SignalR_CORS
|
|
{
|
|
public class Startup
|
|
{
|
|
// This method gets called by the runtime. Use this method to add services to the container.
|
|
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
|
|
public void ConfigureServices(IServiceCollection services)
|
|
{
|
|
}
|
|
|
|
#if snippet1
|
|
#region snippet1
|
|
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
|
|
{
|
|
// ... other middleware ...
|
|
|
|
// Make sure the CORS middleware is ahead of SignalR.
|
|
app.UseCors(builder =>
|
|
{
|
|
builder.WithOrigins("https://example.com")
|
|
.AllowAnyHeader()
|
|
.WithMethods("GET", "POST")
|
|
.AllowCredentials();
|
|
});
|
|
|
|
// ... other middleware ...
|
|
|
|
app.UseSignalR(routes =>
|
|
{
|
|
routes.MapHub<ChatHub>("/chathub");
|
|
});
|
|
|
|
// ... other middleware ...
|
|
}
|
|
|
|
#endregion
|
|
#endif
|
|
#if snippet2
|
|
#region snippet2
|
|
|
|
// In Startup, add a static field listing the allowed Origin values:
|
|
private static readonly HashSet<string> _allowedOrigins = new HashSet<string>()
|
|
{
|
|
// Add allowed origins here. For example:
|
|
"https://www.mysite.com",
|
|
"https://mysite.com",
|
|
};
|
|
|
|
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
|
|
{
|
|
// ... other middleware ...
|
|
|
|
// Validate Origin header on WebSocket requests to prevent unexpected cross-site
|
|
// WebSocket requests.
|
|
app.Use((context, next) =>
|
|
{
|
|
// Check for a WebSocket request.
|
|
if (string.Equals(context.Request.Headers["Upgrade"], "websocket"))
|
|
{
|
|
var origin = context.Request.Headers["Origin"];
|
|
|
|
// If there is an origin header, and the origin header doesn't match
|
|
// an allowed value:
|
|
if (!string.IsNullOrEmpty(origin) && !_allowedOrigins.Contains(origin))
|
|
{
|
|
// The origin is not allowed, reject the request
|
|
context.Response.StatusCode = (int) HttpStatusCode.Forbidden;
|
|
return Task.CompletedTask;
|
|
}
|
|
}
|
|
|
|
// The request is a valid Origin or not a WebSocket request, so continue.
|
|
return next();
|
|
});
|
|
|
|
// ... other middleware ...
|
|
|
|
app.UseSignalR(routes =>
|
|
{
|
|
routes.MapHub<ChatHub>("/chathub");
|
|
});
|
|
|
|
// ... other middleware ...
|
|
}
|
|
|
|
#endregion
|
|
#endif
|
|
}
|
|
|
|
public class ChatHub : Hub
|
|
{
|
|
public async Task SendMessage(string user, string message)
|
|
{
|
|
await Clients.All.SendAsync("ReceiveMessage", user, message);
|
|
}
|
|
}
|
|
}
|
|
|
|
|