Enable CORS on all endpoints

.vscode/launch.json

@@ -9,7 +9,7 @@
             "type": "coreclr",
             "request": "launch",
             "preLaunchTask": "build",
-            "launchSettingsProfile": "http",
+            "launchSettingsProfile": "https",
             // If you have changed target frameworks, make sure to update the program path.
             "program": "${workspaceFolder}/bin/Debug/net8.0/TodoApi.dll",
             "args": [],

Helpers/ApiKeyCanReadAttribute.cs

@@ -14,7 +14,7 @@ public class ApiKeyCanReadAttribute : ActionFilterAttribute
         var apiKey = context.HttpContext.Request.Headers["X-API-KEY"];
 
         // Validate the API key using the IApiKeyValidator service
-        if (string.IsNullOrEmpty(apiKey) || !apiKeyValidator.CanRead(apiKey))
+        if (!apiKeyValidator.CanRead(apiKey))
         {
             // If the API key is invalid, set the response status code to 401 Unauthorized
             context.Result = new UnauthorizedResult();

Helpers/ApiKeyCanWriteAttribute.cs

@@ -14,7 +14,7 @@ public class ApiKeyCanWriteAttribute : ActionFilterAttribute
         var apiKey = context.HttpContext.Request.Headers["X-API-KEY"];
 
         // Validate the API key using the IApiKeyValidator service
-        if (string.IsNullOrEmpty(apiKey) || !apiKeyValidator.CanWrite(apiKey))
+        if (!apiKeyValidator.CanWrite(apiKey))
         {
             // If the API key is invalid, set the response status code to 401 Unauthorized
             context.Result = new UnauthorizedResult();

Program.cs

@@ -30,9 +30,23 @@ try
         if (apiKeysTemp != null) apiKeys = apiKeysTemp;
     }
 }
-catch {}
+catch { }
 builder.Services.AddSingleton<IApiKeyValidator, ApiKeyValidator>(_ => new ApiKeyValidator(apiKeys));
 
+//setup CORS if origins were supplied in the config file
+string[]? allowedOrigins = builder.Configuration.GetValue<string[]>("AllowedOrigins");
+if (allowedOrigins != null)
+{
+    builder.Services.AddCors(options =>
+    {
+        options.AddPolicy(name: "AllowedOrigins",
+                          policy =>
+                          {
+                              policy.WithOrigins(allowedOrigins);
+                          });
+    });
+}
+
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen(c =>
@@ -64,13 +78,21 @@ builder.Services.AddSwaggerGen(c =>
 
 var app = builder.Build();
 
+//
 // Configure the HTTP request pipeline.
+//
+
 // if (app.Environment.IsDevelopment())
 // {
 app.UseSwagger();
 app.UseSwaggerUI();
 // }
 
+if (allowedOrigins != null)
+{
+    app.UseCors();
+}
+
 app.UseAuthentication();
 
 app.UseAuthorization();

appsettings.json

@@ -3,6 +3,11 @@
     "TodoDatabase": "Data Source=data/todo.db"
   },
   "APIKeyFile": "data/apikeys.json",
+  "AllowedOrigins": [
+    "http://localhost:5123",
+    "http://localhost:7291",
+    "https://gitea.jumpersplace.net"
+  ],
   "Logging": {
     "LogLevel": {
       "Default": "Information",