0
echonos created
GET /signalr?enc_auth_token=token
We just recently had our .net zero based application audited by a security company. We were told that the SignalR GET request includes the authentication token as a querystring parameter, which happens to pose a high security risk. We were recommended to use the POST method but we could not find the right place to implement this solution. What would you recommend as a solution?
2 Answer(s)
-
0
Hi @echonos
As far as I know, it is not possible to use POST in SignalR, you can check https://docs.microsoft.com/en-us/aspnet/core/signalr/javascript-client?view=aspnetcore-5.0.
This token is encrypted and also CORS is enabled in the application. This shouldn't be a problem. As an alternative, you can disable SignalR in your application if you don't use it.
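The request in the question carries the token in the URL, and request URLs are commonly written to web server and proxy access logs. As an added example (not part of the original thread or of the ASP.NET Zero code base), this Node.js code redacts the `enc_auth_token` value from access-log lines before they are stored or shipped; the combined log format, the function names and the sample lines are assumptions constructed for illustration.

```javascript
// Added example: redact SignalR auth tokens from access-log lines.
// SENSITIVE_PARAMS and the sample log lines are constructed for illustration.
const SENSITIVE_PARAMS = new Set(["enc_auth_token"]);

// Decode a query-string name; fall back to the raw text on malformed escapes.
function decodeName(raw) {
  try {
    return decodeURIComponent(raw.replace(/\+/g, " ")).toLowerCase();
  } catch {
    return raw.toLowerCase();
  }
}

// Redact sensitive parameter values in one request target (path?query#fragment).
// Other parameters are left byte-for-byte unchanged.
function redactTarget(target) {
  const q = target.indexOf("?");
  if (q === -1) return { target, redacted: 0 };
  const hash = target.indexOf("#", q);
  const end = hash === -1 ? target.length : hash;
  let redacted = 0;
  const query = target.slice(q + 1, end).split("&").map((pair) => {
    const eq = pair.indexOf("=");
    const name = eq === -1 ? pair : pair.slice(0, eq);
    if (eq === -1 || !SENSITIVE_PARAMS.has(decodeName(name))) return pair;
    redacted += 1;
    return `${name}=[REDACTED]`;
  }).join("&");
  return { target: target.slice(0, q + 1) + query + target.slice(end), redacted };
}

// Redact the request target inside a log line of the form: "METHOD target HTTP/x".
function redactLogLine(line) {
  let count = 0;
  const out = line.replace(/"([A-Z]+) (\S+) (HTTP\/[\d.]+)"/, (_, m, t, v) => {
    const r = redactTarget(t);
    count = r.redacted;
    return `"${m} ${r.target} ${v}"`;
  });
  return { line: out, redacted: count };
}

// Constructed sample lines (documentation IP range, made-up token values).
const sample = [
  '203.0.113.7 - - [01/Jan/2021:10:00:00 +0000] "GET /signalr?enc_auth_token=AbC123%2B&id=9 HTTP/1.1" 200 512',
  '203.0.113.7 - - [01/Jan/2021:10:00:01 +0000] "GET /signalr?id=9&ENC%5FAUTH%5FTOKEN=xyz HTTP/1.1" 200 87',
  '203.0.113.7 - - [01/Jan/2021:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 1024',
];
for (const l of sample) console.log(redactLogLine(l).line);
```

The `redacted` count returned per line can also be summed to measure how often the token reaches the logs at all.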
-
0
Thank you!