administrator/pas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: update CORS policy and add CorsOrigins to configuration #5

Browse Source
This commit is contained in:
Marek Lesko
2025-08-01 11:02:57 +02:00
parent f8c555bc84
commit 4d26344665
3 changed files with 15 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitlab-ci.yml
View File

@@ -33,6 +33,7 @@ docker-build:
script: script:
- 'sed -i "s|\"apiEndpoint\": \"[^\"]*\"|\"apiEndpoint\": \"https\:\/\/""$PUBLIC_WEB_URL""\"|" Web/public/config.json' - 'sed -i "s|\"apiEndpoint\": \"[^\"]*\"|\"apiEndpoint\": \"https\:\/\/""$PUBLIC_WEB_URL""\"|" Web/public/config.json'
- 'sed -i "s|\"AllowedHosts\": \"[^\"]*\"|\"AllowedHosts\": \"$PUBLIC_WEB_URL\"|" Api/appsettings.json' - 'sed -i "s|\"AllowedHosts\": \"[^\"]*\"|\"AllowedHosts\": \"$PUBLIC_WEB_URL\"|" Api/appsettings.json'
- 'sed -i "s|\"CorsOrigins\": \"[^\"]*\"|\"CorsOrigins\": \"https\:\/\/""$PUBLIC_WEB_URL""\"|" Api/appsettings.json'
- docker build -t $CI_REGISTRY_IMAGE:latest -t $CI_REGISTRY_IMAGE:${CI_PIPELINE_IID} -f Dockerfile . - docker build -t $CI_REGISTRY_IMAGE:latest -t $CI_REGISTRY_IMAGE:${CI_PIPELINE_IID} -f Dockerfile .
- echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
- docker push $CI_REGISTRY_IMAGE:latest - docker push $CI_REGISTRY_IMAGE:latest

16
Api/Program.cs
View File

@@ -24,7 +24,6 @@ namespace Api
}) })
.AddJwtBearer(options => .AddJwtBearer(options =>
{ {
options.Authority = builder.Configuration["Authentication:PocketId:Authority"]; options.Authority = builder.Configuration["Authentication:PocketId:Authority"];
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters() options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters()
{ {
@@ -35,9 +34,14 @@ namespace Api
builder.Services.AddCors(options => builder.Services.AddCors(options =>
{ {
options.AddPolicy("AllowAll", policy => options.AddPolicy("Default", policy =>
{ {
policy.AllowAnyOrigin() var allowedHostsConfiguration = builder.Configuration["CorsOrigins"]?
.ToString()
.Split(',');
policy
.WithOrigins(allowedHostsConfiguration ?? new[] { "*" })
.AllowAnyHeader() .AllowAnyHeader()
.AllowAnyMethod(); .AllowAnyMethod();
}); });
@@ -52,6 +56,7 @@ namespace Api
: builder.Configuration.GetConnectionString("DefaultConnection"); : builder.Configuration.GetConnectionString("DefaultConnection");
builder.Services.AddDbContext<AppDbContext>(options => builder.Services.AddDbContext<AppDbContext>(options =>
options.UseSqlServer(connectionString)); options.UseSqlServer(connectionString));
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer(); builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(); builder.Services.AddSwaggerGen();
@@ -67,6 +72,7 @@ namespace Api
app.UseHttpsRedirection(); app.UseHttpsRedirection();
} }
// Angular rewrite for SPA hosting
var routes = new[] { "api", "swagger" }; var routes = new[] { "api", "swagger" };
var rewriteString = String.Join("|", routes); var rewriteString = String.Join("|", routes);
var rewriteOptions = new RewriteOptions() var rewriteOptions = new RewriteOptions()
@@ -77,7 +83,7 @@ namespace Api
if (app.Environment.IsDevelopment()) if (app.Environment.IsDevelopment())
{ {
var currentDirectory = Directory.GetCurrentDirectory(); var currentDirectory = Directory.GetCurrentDirectory();
var staticFilePath = Path.Combine(currentDirectory,"../Web/dist/Web/browser"); var staticFilePath = Path.Combine(currentDirectory, "../Web/dist/Web/browser");
app.UseDefaultFiles(new DefaultFilesOptions app.UseDefaultFiles(new DefaultFilesOptions
{ {
FileProvider = new Microsoft.Extensions.FileProviders.PhysicalFileProvider(staticFilePath), FileProvider = new Microsoft.Extensions.FileProviders.PhysicalFileProvider(staticFilePath),
@@ -95,7 +101,7 @@ namespace Api
app.UseStaticFiles(); app.UseStaticFiles();
} }
app.UseCors("AllowAll"); app.UseCors("Default");
app.UseAuthentication(); app.UseAuthentication();
app.UseAuthorization(); app.UseAuthorization();

4
Api/appsettings.json
View File

@@ -14,5 +14,7 @@
"Microsoft.AspNetCore": "Warning" "Microsoft.AspNetCore": "Warning"
} }
}, },
"AllowedHosts": "*" "AllowedHosts": "localhost",
"CorsOrigins": "https://localhost:5001,http://localhost:4200,http://localhost:5000"
} }