From 28bab059803a3bcd5179ee4280ebdc44f6c6745a Mon Sep 17 00:00:00 2001
From: OlgunR <OlgunR@DD-PC-ENT05N>
Date: Mon, 19 Jan 2026 08:34:40 +0100
Subject: [PATCH] Add configurable CORS support via appsettings.json

Introduce CORS configuration using allowed origins from appsettings.json. Updated Program.cs to read allowed origins from configuration and apply them to the CORS policy, defaulting to AllowAnyOrigin if none are specified. Also made minor formatting and comment improvements.
---
 DbFirst.API/Program.cs       | 18 ++++++++++++++----
 DbFirst.API/appsettings.json |  6 ++++++
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/DbFirst.API/Program.cs b/DbFirst.API/Program.cs
index c9b5a30..bdfce03 100644
--- a/DbFirst.API/Program.cs
+++ b/DbFirst.API/Program.cs
@@ -5,7 +5,7 @@ using DbFirst.Infrastructure.Repositories;
 using Microsoft.EntityFrameworkCore;
 using DbFirst.API.Middleware;
 
-// TODO: create and add exception handling middleware - Done
+//TODO: create and add exception handling middleware
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -17,11 +17,21 @@ builder.Services.AddSwaggerGen();
 // TODO: allow listed origins configured in appsettings.json
 builder.Services.AddCors(options =>
 {
+    var origins = builder.Configuration.GetSection("Cors:AllowedOrigins").Get<string[]>() ?? Array.Empty<string>();
     options.AddDefaultPolicy(policy =>
     {
-        policy.AllowAnyOrigin()
-              .AllowAnyHeader()
-              .AllowAnyMethod();
+        if (origins.Length > 0)
+        {
+            policy.WithOrigins(origins)
+                  .AllowAnyHeader()
+                  .AllowAnyMethod();
+        }
+        else
+        {
+            policy.AllowAnyOrigin()
+                  .AllowAnyHeader()
+                  .AllowAnyMethod();
+        }
     });
 });
 
diff --git a/DbFirst.API/appsettings.json b/DbFirst.API/appsettings.json
index 7561326..c0ba046 100644
--- a/DbFirst.API/appsettings.json
+++ b/DbFirst.API/appsettings.json
@@ -2,6 +2,12 @@
   "ConnectionStrings": {
     "DefaultConnection": "Server=SDD-VMP04-SQL17\\DD_DEVELOP01;Database=DD_ECM;User Id=sa;Password=dd;TrustServerCertificate=True;"
   },
+  "Cors": {
+    "AllowedOrigins": [
+      "https://localhost:7276",
+      "http://localhost:5101"
+    ]
+  },
   "Logging": {
     "LogLevel": {
       "Default": "Information",