Add docs for applying CORS to SignalR hubs without global middleware#36936
Add docs for applying CORS to SignalR hubs without global middleware#36936wadepickett merged 8 commits intomainfrom
Conversation
…cy globally Add a new subsection "Apply a CORS policy to SignalR hub endpoints" under the CORS section in SignalR security docs. Documents two approaches: 1. Using RequireCors on the MapHub endpoint mapping 2. Using the [EnableCors] attribute on the Hub class Applied across all relevant moniker versions (8.0+, 7.0, 6.0, 3.0-5.x). Agent-Logs-Url: https://github.com/dotnet/AspNetCore.Docs/sessions/c6bf092e-343b-49ad-bfa1-e83078d9e265 Co-authored-by: wadepickett <10985336+wadepickett@users.noreply.github.com>
|
@copilot , The "SignalRPolicy" policy name used in code samples isn't defined anywhere in the preceding examples for any version. A brief note or example showing the named policy registration (like BrennanConroy's AddPolicy snippet) would improve clarity. See discussion comment from BrennanConroy on the original issue this PR is for here: #12918 |
…tion Show the AddCors/AddPolicy snippet that defines "SignalRPolicy" before it's referenced in the RequireCors and [EnableCors] examples. Agent-Logs-Url: https://github.com/dotnet/AspNetCore.Docs/sessions/eeaca9de-513b-4a43-a838-4e3f6ca91450 Co-authored-by: wadepickett <10985336+wadepickett@users.noreply.github.com>
Added the |
Co-authored-by: Wade Pickett <wpickett@microsoft.com>
Co-authored-by: Wade Pickett <wpickett@microsoft.com>
There was a problem hiding this comment.
Pull request overview
Adds documentation to the SignalR security guidance showing how to apply a named CORS policy specifically to SignalR hub endpoints (instead of applying a single CORS policy globally), across ASP.NET Core versioned content.
Changes:
- Add a new “Apply a CORS policy to SignalR hub endpoints” subsection with
RequireCorsand[EnableCors]approaches across 6.0/7.0/8.0+ and 3.0–5.x content. - Update
aspnetcore/signalr/security.mdfront matter (addsai-usage, updatesms.date) and include the new subsection for 8.0+.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| aspnetcore/signalr/security.md | Adds the new per-hub CORS subsection for 8.0+ and updates article metadata. |
| aspnetcore/signalr/security/includes/security7.md | Adds the new per-hub CORS subsection for the 7.0 view. |
| aspnetcore/signalr/security/includes/security6.md | Adds the new per-hub CORS subsection for the 6.0 view. |
| aspnetcore/signalr/security/includes/security2.1-5.md | Adds the new per-hub CORS subsection for 3.0–5.x content (endpoint routing style). |
|
@copilot, revert all changes to these files: aspnetcore/signalr/security/includes/security2.1-5.md |
Per BrennanConroy's feedback, these are unsupported versions and don't need the CORS documentation update. The new CORS subsection is retained only in security.md (aspnetcore 8.0+). Agent-Logs-Url: https://github.com/dotnet/AspNetCore.Docs/sessions/c741589c-d9d2-40d2-ad8e-14eed4304350 Co-authored-by: wadepickett <10985336+wadepickett@users.noreply.github.com>
Reverted all changes to those three files in |
|
Removed the update from the non-supported versions of the article. |
Fixes #12918 . Addressing really old backlog issues, a few a sprint per org goals. This one is terribly old but still a gap in the docs today.
Users need to apply CORS policies specifically to SignalR hub endpoints without enabling CORS globally via
UseCorsmiddleware. This is common when different parts of an app require different CORS configurations.Adds a new "Apply a CORS policy to SignalR hub endpoints" subsection documenting two approaches:
security.md— aspnetcore 8.0+ inline moniker onlyPer reviewer feedback from @BrennanConroy, changes are scoped to supported versions only (8.0+). The unsupported-version includes (
security7.md,security6.md,security2.1-5.md) are left unchanged.Cross-references the existing Enable CORS with endpoint routing section.
Internal previews
Internal previews