fix: update CORS policy and add CorsOrigins to configuration #5

2025-08-01 11:02:57 +02:00
parent f8c555bc84
commit 4d26344665
3 changed files with 15 additions and 6 deletions
--- a/Api/Program.cs
+++ b/Api/Program.cs
@@ -24,7 +24,6 @@ namespace Api
            })
            .AddJwtBearer(options =>
            {
-       
                options.Authority = builder.Configuration["Authentication:PocketId:Authority"];
                options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
                {
@@ -35,9 +34,14 @@ namespace Api

            builder.Services.AddCors(options =>
            {
-                options.AddPolicy("AllowAll", policy =>
+                options.AddPolicy("Default", policy =>
                {
-                    policy.AllowAnyOrigin()
+                    var allowedHostsConfiguration = builder.Configuration["CorsOrigins"]?
+                        .ToString()
+                        .Split(',');
+
+                    policy
+                        .WithOrigins(allowedHostsConfiguration ?? new[] { "*" })
                        .AllowAnyHeader()
                        .AllowAnyMethod();
                });
@@ -52,6 +56,7 @@ namespace Api
                : builder.Configuration.GetConnectionString("DefaultConnection");
            builder.Services.AddDbContext<AppDbContext>(options =>
                options.UseSqlServer(connectionString));
+
            // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
            builder.Services.AddEndpointsApiExplorer();
            builder.Services.AddSwaggerGen();
@@ -67,6 +72,7 @@ namespace Api
                app.UseHttpsRedirection();
            }

+            // Angular rewrite for SPA hosting
            var routes = new[] { "api", "swagger" };
            var rewriteString = String.Join("|", routes);
            var rewriteOptions = new RewriteOptions()
@@ -77,7 +83,7 @@ namespace Api
            if (app.Environment.IsDevelopment())
            {
                var currentDirectory = Directory.GetCurrentDirectory();
-                var staticFilePath = Path.Combine(currentDirectory,"../Web/dist/Web/browser");
+                var staticFilePath = Path.Combine(currentDirectory, "../Web/dist/Web/browser");
                app.UseDefaultFiles(new DefaultFilesOptions
                {
                    FileProvider = new Microsoft.Extensions.FileProviders.PhysicalFileProvider(staticFilePath),
@@ -95,7 +101,7 @@ namespace Api
                app.UseStaticFiles();
            }

-            app.UseCors("AllowAll");
+            app.UseCors("Default");
            app.UseAuthentication();
            app.UseAuthorization();