Skip to content

Why is the Authorization header missing from Access-Control-Allow-Headers in a request using SignalR and http scheme? #2106

Answered by raman-m
mtlive asked this question in Q&A
Discussion options

You must be logged in to vote

The Authorization header may be missing in Access-Control-Allow-Headers for a specific request due to the server not including it in the preflight response. When a browser sends a preflight request, it expects certain headers to be present in the response from the server, including Authorization if it's needed for the actual request. To resolve this, ensure that the server's response to the preflight request includes Access-Control-Allow-Headers with Authorization listed. Additionally, if the request method is OPTIONS, you may need to add OPTIONS to the Access-Control-Allow-Methods header as well.

Replies: 5 comments 5 replies

Comment options

You must be logged in to vote
0 replies
Comment options

You must be logged in to vote
2 replies
@raman-m
Comment options

@raman-m
Comment options

Comment options

You must be logged in to vote
2 replies
@mtlive
Comment options

@raman-m
Comment options

Comment options

You must be logged in to vote
0 replies
Answer selected by raman-m
Comment options

You must be logged in to vote
1 reply
@raman-m
Comment options

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
Websockets Ocelot feature: Websockets Configuration Ocelot feature: Configuration SignalR SignalR is Microsoft Websocks technology CORS Cross-Origin Requests (CORS) in ASP.NET Core vs OPTIONS verb and Preflight requests
2 participants
Converted from issue

This discussion was converted from issue #2093 on June 17, 2024 12:36.