{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 该账号已被封号 的问题《Can someone provide a CorsPolicy implementation wi》','https://www.manongdao.com/q-587562.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Referring to the SignalR Hubs API Guide
indicates the following information in the configuration comments:
// Setup the CORS middleware to run before SignalR.
// By default this will allow all origins. You can
// configure the set of origins and/or http verbs by
// providing a cors options with a different policy.
map.UseCors(CorsOptions.AllowAll);
however, the Origins property of System.Web.CorsPolicy has a private setter, no constructor that allows origins to be injected, and no exposed setter method. With regards to the Origins list, it seems to only expose an "AllowAllOrigins" property and then a useless Origins getter that is only reflecting out the empty List that is constructed during CorsPolicy construction.
Of particular note, the default app.UseCors(CorsOptions.AllowAll) setting is entirely incoherent. By its own tooltip, it is "A policy that allows all headers, all methods, any origin, and supports credentials."
A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true
My configuration is currently the "stupid simple" SignalR config
public void Configuration(IAppBuilder app)
{
app.UseCors(CorsOptions.AllowAll);
app.MapSignalR();
}
Can anyone provide a Microsoft.Owin.Cors.CorsMiddleware example that would reimplement the "AllowAll" Options with an explicit whitelist for Access-Control-Allow-Origin?
Have you looked at the source for
CorsOptions.AllowAll? It shows how theCorsOptionsis created. You could do something likeAs you can see, you set the
PolicyResolverproperty, which is aFunc<IOwinRequest, Task<CorsPolicy>>. Based on theIOwinContext(for the current request), you need to return aCorsPolicy(also, see its source). This should have the properties you need to fine tune your policy. The list properties have private setters (probably to avoid potentialnullpointers), but they're all initialized in the default constructor, so you should be able to add to them.