From 955c2f9654ee0fd487c94d604c1e314c66a88681 Mon Sep 17 00:00:00 2001 From: Natalia Portillo Date: Fri, 14 Nov 2025 16:46:42 +0000 Subject: [PATCH] Add CORS policy. --- Marechai.Server/Program.cs | 25 +++++++++++++++++++++++++ Marechai.Server/appsettings.json | 5 +++++ 2 files changed, 30 insertions(+) diff --git a/Marechai.Server/Program.cs b/Marechai.Server/Program.cs index 5a330b2b..4aee9c31 100644 --- a/Marechai.Server/Program.cs +++ b/Marechai.Server/Program.cs @@ -209,6 +209,28 @@ file class Program builder.Services.AddScoped(); + // Read allowed CORS origins from configuration + string[] allowedOrigins = builder.Configuration.GetSection("CORS:AllowedOrigins").Get(); + + builder.Services.AddCors(options => + { + options.AddPolicy("AllowFrontend", + policy => + { + switch(allowedOrigins) + { + case ["*"]: + policy.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod(); + + break; + case { Length: > 0 }: + policy.WithOrigins(allowedOrigins).AllowAnyHeader().AllowAnyMethod(); + + break; + } + }); + }); + WebApplication app = builder.Build(); // Configure the HTTP request pipeline. @@ -216,6 +238,9 @@ file class Program app.UseHttpsRedirection(); + // Use CORS before authentication/authorization + app.UseCors("AllowFrontend"); + app.UseAuthentication(); app.UseAuthorization(); diff --git a/Marechai.Server/appsettings.json b/Marechai.Server/appsettings.json index 86477472..e999753e 100644 --- a/Marechai.Server/appsettings.json +++ b/Marechai.Server/appsettings.json @@ -10,6 +10,11 @@ } }, "AllowedHosts": "*", + "CORS": { + "AllowedOrigins": [ + "*" + ] + }, "MarechaiRoles": [ { "Name": "UberAdmin",