Skip to content

Commit 17045a4

Browse files
Some config changes
1 parent 6b92933 commit 17045a4

1 file changed

Lines changed: 7 additions & 3 deletions

File tree

backend/Program.cs

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,10 @@
4545
{
4646
options.AddDefaultPolicy(policy =>
4747
{
48-
policy.WithOrigins(builder.Configuration.GetSection("Cors:AllowedOrigins").Get<string[]>() ?? new[] { "http://localhost:3000" })
48+
var allowedOrigins = builder.Configuration.GetSection("Cors:AllowedOrigins").Get<string[]>()
49+
?? new[] { "http://localhost:3000" };
50+
51+
policy.WithOrigins(allowedOrigins)
4952
.AllowAnyHeader()
5053
.AllowAnyMethod()
5154
.AllowCredentials();
@@ -63,8 +66,8 @@
6366
options.LoginPath = "/api/auth/login";
6467
options.LogoutPath = "/api/auth/logout";
6568
options.Cookie.Name = "JobHelper.Auth";
66-
options.Cookie.HttpOnly = true;
67-
options.Cookie.SecurePolicy = CookieSecurePolicy.Always; // Require HTTPS (backend is on HTTPS)
69+
options.Cookie.HttpOnly = false;
70+
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; // Require HTTPS (backend is on HTTPS)
6871
options.Cookie.SameSite = SameSiteMode.None; // Allow cross-site for different domains
6972
options.Cookie.IsEssential = true; // Mark as essential for GDPR compliance
7073
options.ExpireTimeSpan = TimeSpan.FromHours(24);
@@ -166,6 +169,7 @@
166169
// Add Scalar API documentation UI (modern alternative to Swagger UI)
167170
app.MapScalarApiReference();
168171

172+
// IMPORTANT: CORS must be called before Authentication and Authorization
169173
app.UseCors();
170174
app.UseAuthentication();
171175
app.UseAuthorization();

0 commit comments

Comments
 (0)