From 6e0780b15f129b398cf0aa42e6ffd046ba536813 Mon Sep 17 00:00:00 2001
From: Kieran
Date: Sat, 26 Feb 2022 23:16:33 +0000
Subject: [PATCH] Change CORS policy
---
 VoidCat/Controllers/Admin/AdminController.cs | 2 ++
 VoidCat/Controllers/AuthController.cs | 2 ++
 VoidCat/Model/Roles.cs | 2 +-
 VoidCat/Program.cs | 12 ++++++++++--
 4 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/VoidCat/Controllers/Admin/AdminController.cs b/VoidCat/Controllers/Admin/AdminController.cs
index ef22b81..4834d49 100644
--- a/VoidCat/Controllers/Admin/AdminController.cs
+++ b/VoidCat/Controllers/Admin/AdminController.cs
@@ -1,10 +1,12 @@
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Mvc;
 using VoidCat.Model;
 using VoidCat.Services.Abstractions;
 namespace VoidCat.Controllers.Admin;
+[EnableCors(CorsPolicy.Auth)]
 [Route("admin")]
 [Authorize(Policy = Policies.RequireAdmin)]
 public class AdminController : Controller
diff --git a/VoidCat/Controllers/AuthController.cs b/VoidCat/Controllers/AuthController.cs
index 97a2590..0754faa 100644
--- a/VoidCat/Controllers/AuthController.cs
+++ b/VoidCat/Controllers/AuthController.cs
@@ -2,6 +2,7 @@ using System.ComponentModel.DataAnnotations;
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using System.Text;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.IdentityModel.Tokens;
 using VoidCat.Model;
@@ -9,6 +10,7 @@ using VoidCat.Services.Abstractions;
 namespace VoidCat.Controllers;
+[EnableCors(CorsPolicy.Auth)]
 [Route("auth")]
 public class AuthController : Controller
 {
diff --git a/VoidCat/Model/Roles.cs b/VoidCat/Model/Roles.cs
index bd550cd..84c66d8 100644
--- a/VoidCat/Model/Roles.cs
+++ b/VoidCat/Model/Roles.cs
@@ -13,6 +13,6 @@ public static class Policies
 public static class CorsPolicy
 {
- public const string Default = "default";
+ public const string Auth = "auth";
 public const string Upload = "upload";
 }
\ No newline at end of file
diff --git a/VoidCat/Program.cs b/VoidCat/Program.cs
index c3586f6..f606284 100644
--- a/VoidCat/Program.cs
+++ b/VoidCat/Program.cs
@@ -35,7 +35,7 @@ if (useRedis)
 services.AddCors(opt =>
 {
- opt.AddPolicy(CorsPolicy.Default, p =>
+ opt.AddDefaultPolicy(p =>
 {
 p.AllowAnyMethod()
 .AllowAnyHeader()
@@ -49,6 +49,14 @@ services.AddCors(opt =>
 .WithHeaders("V-Content-Type", "V-Filename", "V-Digest", "V-EditSecret", "Content-Type", "Authorization")
 .WithOrigins(voidSettings.CorsOrigins.Select(a => a.OriginalString).ToArray());
 });
+
+ opt.AddPolicy(CorsPolicy.Auth, p =>
+ {
+ p.AllowCredentials()
+ .AllowAnyMethod()
+ .WithHeaders("Authorization")
+ .WithOrigins(voidSettings.CorsOrigins.Select(a => a.OriginalString).ToArray());
+ });
 });
 services.AddRouting();
@@ -130,7 +138,7 @@ app.UseStaticFiles();
 #endif
 app.UseRouting();
-app.UseCors(CorsPolicy.Default);
+app.UseCors();
 app.UseAuthentication();
 app.UseAuthorization();
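Review bot: The `AddDefaultPolicy` call in the first Program.cs hunk is missing a comment saying that it is now the fallback for every endpoint without an `[EnableCors]` attribute, which is what the parameterless `app.UseCors()` in the last hunk makes it. The policy starts with `AllowAnyMethod().AllowAnyHeader()`, and the rest of the builder chain, including its origin rule, lies outside the hunk, so how wide the fallback is cannot be judged from here. A controller added later inherits it silently unless someone remembers to attach a stricter policy. I would add above the call: `// Fallback for endpoints without [EnableCors]; anything handling credentials or admin data must opt into CorsPolicy.Auth.`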
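Review bot: The new `CorsPolicy.Auth` policy in the second Program.cs hunk allows only the `Authorization` request header, so a cross-origin request that sends `Content-Type: application/json` will be rejected at preflight; the `Upload` policy just above it lists `Content-Type` explicitly. If the actions on `AuthController` and `AdminController`, which this commit attaches the policy to, accept JSON bodies (not visible in these hunks), the line should read `.WithHeaders("Authorization", "Content-Type")`. Separately, `AllowCredentials()` is only needed when the browser must send cookies or other ambient credentials; a bearer token placed in the `Authorization` header by script does not require it, and omitting it keeps the credentialed cross-origin surface smaller. `AllowAnyMethod()` could likewise be narrowed with `WithMethods(...)` to the verbs these two controllers actually expose.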