Azure SignalR Service - Response Headers (How do I add/modify them?)

Ken Wee 20 Reputation points
2024-10-24T02:29:53.9433333+00:00

Hi Guys,

We currently deployed an application that's using Azure SignalR Service for realtime dashboard updates and other uses. There's an ongoing internal InfoSec scan and the <resourse_name>.service.signalr.net endpoint was flagged with a medium risk finding due to the response not having a CSP (Content Security Policy) header.

The specific endpoint is https://<resourse_name>.service.signalr.net/client/negotiate....

Response Headers are currently the ff:

Screenshot 2024-10-21 at 10.46.43

InfoSec wants me to add a CSP header. How do I do that? Is this even possible? I can't seem to find any documentation on adding headers to this endpoint. Hope I could get some guidance.

Thanks in advanced!

  • Ken
Azure SignalR Service
Azure SignalR Service
An Azure service that is used for adding real-time communications to web applications.
151 questions
{count} votes

Accepted answer
  1. Laxman Reddy Revuri 1,130 Reputation points Microsoft Vendor
    2024-11-05T07:59:20.98+00:00

    Hi @Ken Wee
    thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to accept the answer
    Ask: Azure SignalR Service - Response Headers (How do I add/modify them?)
    **Solution:**Using Azure Front Door was not feasible as this would add cost to the build.

    As for the web server side config, this only worked when not using self hosted signalr hub. Did not work for Azure SignalR Service as the endpoint was managed by Azure.

    I was able to get feedback from MS Support Engineer, and they did mention that adding response headers directly to the Azure SignalR Service endpoint was not possible as of today.

    Please don’t forget to Accept Answer and Yes for "was this answer helpful" wherever the information provided helps you, this can be beneficial to other community members. 

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.