-
Beta Was this translation helpful? Give feedback.
Replies: 5 comments 5 replies
-
Hello @mtlive ! Indeed, authentication and authorization have not been implemented in Ocelot for the Websockets feature. There's an ongoing issue, #1040, which is currently in progress. However, it's unclear when it will be resolved as there are no open PRs at the moment.
I will mark our issue as a duplicate of #1040. At least we have implement both tickets #1040 and #2093 in one PR.
When you said "directly" did you try without Ocelot or with Ocelot? Show us your
|
Beta Was this translation helpful? Give feedback.
-
I don't do authentication at Ocelot, it'll be done at the service. Furthermore, this request isn't in WebSocket.
By directly I mean without Ocelot. {
"Routes": [
{
"DownstreamPathTemplate": "/api/{everything}",
"DownstreamScheme": "http",
"SwaggerKey": "officeautomation",
"DownstreamHostAndPorts": [
{
"Host": "192.168.10.209",
"Port": 5001
}
],
"UpstreamPathTemplate": "/officeautomation/api/{everything}"
}
]
} |
Beta Was this translation helpful? Give feedback.
-
My current understanding of your problem is missing CORS setup in Ocelot web app.
Also read more about CORS problems searching our repo with "UseCors" Finally I'd say you need this setup to enable OPTIONS via CORS ASP.NET policy, from #799 (comment) 👉 services.AddCors();
services.AddOcelot(_config)
// global cors policy
app.UseCors(static x => x
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.DisallowCredentials()
); Hope it helps! |
Beta Was this translation helpful? Give feedback.
-
The |
Beta Was this translation helpful? Give feedback.
-
My original Program.cs public class Startup
{
// This method gets called by the runtime. Use this method to add services to the container.
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
public void ConfigureServices(IServiceCollection services)
{
services.AddOcelot();
services.AddSignalR();
services.AddLogging();
services.AddCors();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors(bu =>
{
bu.AllowAnyMethod().AllowAnyHeader().SetIsOriginAllowed(origin => true).AllowCredentials();
});
app.UseOcelot().Wait();
}
} |
Beta Was this translation helpful? Give feedback.
The
Authorization
header may be missing inAccess-Control-Allow-Headers
for a specific request due to the server not including it in the preflight response. When a browser sends a preflight request, it expects certain headers to be present in the response from the server, includingAuthorization
if it's needed for the actual request. To resolve this, ensure that the server's response to the preflight request includesAccess-Control-Allow-Headers
withAuthorization
listed. Additionally, if the request method isOPTIONS
, you may need to addOPTIONS
to theAccess-Control-Allow-Methods
header as well.