allow web vault origin for cors requests

2025-03-15 13:59:25 +01:00 · 2019-07-25 15:05:03 -04:00 · 2019-07-25 15:05:03 -04:00 · f6da38f931
commit f6da38f931
parent a0da6b3886
3 changed files with 9 additions and 3 deletions
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@ -160,7 +160,9 @@ namespace Bit.Api
            app.UseStaticFiles();

            // Add Cors
-            app.UseCors(policy => policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials());
+            app.UseCors(policy => policy
+                .WithOrigins(globalSettings.BaseServiceUri.Vault)
+                .AllowAnyMethod().AllowAnyHeader().AllowCredentials());

            // Add authentication to the request pipeline.
            app.UseAuthentication();
--- a/src/Events/Startup.cs
+++ b/src/Events/Startup.cs
@ -94,7 +94,9 @@ namespace Bit.Events
            app.UseDefaultMiddleware(env);

            // Add Cors
-            app.UseCors(policy => policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials());
+            app.UseCors(policy => policy
+                .WithOrigins(globalSettings.BaseServiceUri.Vault)
+                .AllowAnyMethod().AllowAnyHeader().AllowCredentials());

            // Add authentication to the request pipeline.
            app.UseAuthentication();
--- a/src/Notifications/Startup.cs
+++ b/src/Notifications/Startup.cs
@ -94,7 +94,9 @@ namespace Bit.Notifications
            }

            // Add Cors
-            app.UseCors(policy => policy.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader().AllowCredentials());
+            app.UseCors(policy => policy
+                .WithOrigins(globalSettings.BaseServiceUri.Vault)
+                .AllowAnyMethod().AllowAnyHeader().AllowCredentials());

            // Add authentication to the request pipeline.
            app.UseAuthentication();