SignalR 拒绝连接到 [url],因为它违反了以下内容安全策略指令

SignalR Refused to connect to [url] because it violates the following Content Security Policy directive

我在 .NET 4.8 中创建了一个 SignalR 项目。

我按照文档中的描述正确使用了 signalR。我的两个脚本标签:

<script src="~/Scripts/jquery.signalR-2.4.1.js"></script>
<script src="https://mySignalRServer/signalr/hubs"></script>

我正在按以下方式初始化连接:

$.connection.hub.url = "https://mySignalRServer/signalr";
let screencasting = $.connection.screencastingHub;

$.connection.hub.qs = 'uuid=' + masterGuid + '&master=true';
$.connection.hub.logging = true;
screencasting.client.changeTransport = changeTransport;

$.connection.hub.start({ transport: 'webSockets' }).done(function () {
    console.log('---Connected to signalR server via WebSockets');
});

当代码到达以下行时 $.connection.hub.start() 出现以下错误:

jquery.signalR-2.4.1.js:1871 Refused to connect to 'wss://mySignalRServer/signalr/connect?transport=webSockets&clientProtocol=2.1&uuid=56b12321-1091-48aa-b52f-dc1407b3804a&master=true&connectionToken=WOP95HhCwdN7ogruYHpfrrsZofenOqo5kRDVLJh6S6zUH0AN74cUTEL44qORGBCRMWiGH5ei12826qLB%2BMHFa7YqaN1KeIYmG7dUaE%2B6DiF2CIwaNTl4dwbwR6t3Cxgx&connectionData=%5B%7B%22name%22%3A%22screencastinghub%22%7D%5D&tid=8' because it violates the following Content Security Policy directive: "connect-src https:".

有趣的是,这段代码运行良好。这可能是证书错误吗?我该如何添加这个 Content Security Policy (CSP)。 (enter link description here)

是否在某处添加为header?在html头上?

经过大量测试,这是适合我的解决方案:

Web.config 文件中,我添加了以下行:

<httpProtocol>
      <customHeaders>
        <add name="Content-Security-Policy" value="default-src https:; connect-src https: wss:" />
      </customHeaders>
</<httpProtocol>

有关详细信息,请查看 this and that