Add CORS policy.

2025-12-16 11:04:25 +00:00 · 2025-11-14 16:46:42 +00:00
parent 4a5708b910
commit 955c2f9654
2 changed files with 30 additions and 0 deletions
--- a/Marechai.Server/Program.cs
+++ b/Marechai.Server/Program.cs
@@ -209,6 +209,28 @@ file class Program

        builder.Services.AddScoped<TokenService, TokenService>();

+        // Read allowed CORS origins from configuration
+        string[] allowedOrigins = builder.Configuration.GetSection("CORS:AllowedOrigins").Get<string[]>();
+
+        builder.Services.AddCors(options =>
+        {
+            options.AddPolicy("AllowFrontend",
+                              policy =>
+                              {
+                                  switch(allowedOrigins)
+                                  {
+                                      case ["*"]:
+                                          policy.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod();
+
+                                          break;
+                                      case { Length: > 0 }:
+                                          policy.WithOrigins(allowedOrigins).AllowAnyHeader().AllowAnyMethod();
+
+                                          break;
+                                  }
+                              });
+        });
+
        WebApplication app = builder.Build();

        // Configure the HTTP request pipeline.
@@ -216,6 +238,9 @@ file class Program

        app.UseHttpsRedirection();

+        // Use CORS before authentication/authorization
+        app.UseCors("AllowFrontend");
+
        app.UseAuthentication();
        app.UseAuthorization();

--- a/Marechai.Server/appsettings.json
+++ b/Marechai.Server/appsettings.json
@@ -10,6 +10,11 @@
    }
  },
  "AllowedHosts":      "*",
+  "CORS":              {
+    "AllowedOrigins": [
+      "*"
+    ]
+  },
  "MarechaiRoles":     [
    {
      "Name":        "UberAdmin",