From 27819566f9afd32245d328e1a79277cfaaf2656a Mon Sep 17 00:00:00 2001
From: Dominic Villemure <doumvil@hotmail.com>
Date: Sun, 21 Apr 2024 13:49:13 -0400
Subject: [PATCH] #26 added cors policy to allows credentials on our UI origins

---
 src/Web/Program.cs | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/Web/Program.cs b/src/Web/Program.cs
index 9490c81..b2b34db 100644
--- a/src/Web/Program.cs
+++ b/src/Web/Program.cs
@@ -19,8 +19,24 @@ builder.Services.AddCors(options =>
         options.AddPolicy("AllowAll", builder =>
         {
             builder.AllowAnyOrigin()
-                   .AllowAnyMethod()
-                   .AllowAnyHeader();
+                .AllowAnyMethod()
+                .AllowAnyHeader();
+        });
+        
+        options.AddPolicy("AllowHutopyUi", builder =>
+        {
+            builder.WithOrigins("https://zealous-bay-08204590f.5.azurestaticapps.net")
+                .AllowAnyMethod()
+                .AllowAnyHeader()
+                .AllowCredentials();
+        });
+        
+        options.AddPolicy("AllowHutopyUiPreview", builder =>
+        {
+            builder.WithOrigins("https://zealous-bay-08204590f-preview.eastus2.5.azurestaticapps.net")
+                .AllowAnyMethod()
+                .AllowAnyHeader()
+                .AllowCredentials();
         });
     });
 
@@ -36,6 +52,8 @@ builder.Services.AddScoped<IUserService, UserService>();
 var app = builder.Build();
 
 app.UseCors("AllowAll");
+app.UseCors("AllowHutopyUi");
+app.UseCors("AllowHutopyUiPreview");
 
 // Initialize and seed the db.
 await app.InitialiseDatabaseAsync();