Add allow all CORS policy to download endpoints

2023-03-04 19:52:21 +00:00 · 2023-03-04 19:52:21 +00:00 · ef3ebb867d
commit ef3ebb867d
parent 49ad601d13
2 changed files with 19 additions and 5 deletions
--- a/VoidCat/Controllers/DownloadController.cs
+++ b/VoidCat/Controllers/DownloadController.cs
@ -1,4 +1,5 @@
 using System.Net;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Mvc;
 using VoidCat.Model;
 using VoidCat.Model.Payments;
@ -28,6 +29,7 @@ public class DownloadController : Controller

    [HttpOptions]
    [Route("{id}")]
+    [EnableCors("*")]
    public Task DownloadFileOptions([FromRoute] string id)
    {
        var gid = id.FromBase58Guid();
@ -41,6 +43,7 @@ public class DownloadController : Controller
    [ResponseCache(Location = ResponseCacheLocation.Any, Duration = 86400)]
    [HttpGet]
    [Route("{id}")]
+    [EnableCors("*")]
    public async Task DownloadFile([FromRoute] string id)
    {
        var gid = id.FromBase58Guid();
--- a/VoidCat/VoidStartup.cs
+++ b/VoidCat/VoidStartup.cs
@ -78,6 +78,7 @@ public static class VoidStartup
        {
            o.LoggingFields = HttpLoggingFields.RequestPropertiesAndHeaders |
                              HttpLoggingFields.ResponsePropertiesAndHeaders;
+
            o.RequestBodyLogLimit = 4096;
            o.ResponseBodyLogLimit = 4096;

@ -89,6 +90,7 @@ public static class VoidStartup
                o.RequestHeaders.Add(h);
            }
        });
+
        services.AddHttpClient();
        services.AddSwaggerGen(c =>
        {
@ -99,6 +101,7 @@ public static class VoidStartup
                Name = "Authorization",
                Type = SecuritySchemeType.ApiKey
            });
+
            c.AddSecurityRequirement(new OpenApiSecurityRequirement
            {
                {
@ -113,9 +116,11 @@ public static class VoidStartup
                    new string[] { }
                }
            });
+
            var path = Path.Combine(AppContext.BaseDirectory, $"{Assembly.GetExecutingAssembly().GetName().Name}.xml");
            c.IncludeXmlComments(path);
        });
+
        services.AddCors(opt =>
        {
            opt.AddDefaultPolicy(p =>
@ -125,11 +130,20 @@ public static class VoidStartup
                    .AllowCredentials()
                    .WithOrigins(voidSettings.CorsOrigins.Select(a => a.OriginalString).ToArray());
            });
+
+            opt.AddPolicy("*", p =>
+            {
+                p.AllowAnyMethod()
+                    .AllowAnyHeader()
+                    .AllowAnyOrigin();
            });
+        });
+
        services.AddRazorPages();
        services.AddRouting();
        services.AddControllers()
            .AddNewtonsoftJson((opt) => { ConfigJsonSettings(opt.SerializerSettings); });
+
        services.AddHealthChecks();

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
@ -146,10 +160,7 @@ public static class VoidStartup
                };
            });

-        services.AddAuthorization((opt) =>
-        {
-            opt.AddPolicy(Policies.RequireAdmin, (auth) => { auth.RequireRole(Roles.Admin); });
-        });
+        services.AddAuthorization((opt) => { opt.AddPolicy(Policies.RequireAdmin, (auth) => { auth.RequireRole(Roles.Admin); }); });

        services.AddTransient<RazorPartialToStringRenderer>();
        services.AddAnalytics(voidSettings);