Add configurable CORS support via appsettings.json

Introduce CORS configuration using allowed origins from appsettings.json. Updated Program.cs to read allowed origins from configuration and apply them to the CORS policy, defaulting to AllowAnyOrigin if none are specified. Also made minor formatting and comment improvements.

DbFirst.API/Program.cs

@@ -5,7 +5,7 @@ using DbFirst.Infrastructure.Repositories;
 using Microsoft.EntityFrameworkCore;
 using DbFirst.API.Middleware;
 
-// TODO: create and add exception handling middleware - Done
+//TODO: create and add exception handling middleware
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -17,11 +17,21 @@ builder.Services.AddSwaggerGen();
 // TODO: allow listed origins configured in appsettings.json
 builder.Services.AddCors(options =>
 {
+    var origins = builder.Configuration.GetSection("Cors:AllowedOrigins").Get<string[]>() ?? Array.Empty<string>();
     options.AddDefaultPolicy(policy =>
+    {
+        if (origins.Length > 0)
+        {
+            policy.WithOrigins(origins)
+                  .AllowAnyHeader()
+                  .AllowAnyMethod();
+        }
+        else
         {
             policy.AllowAnyOrigin()
                   .AllowAnyHeader()
                   .AllowAnyMethod();
+        }
     });
 });
 

DbFirst.API/appsettings.json

@@ -2,6 +2,12 @@
   "ConnectionStrings": {
     "DefaultConnection": "Server=SDD-VMP04-SQL17\\DD_DEVELOP01;Database=DD_ECM;User Id=sa;Password=dd;TrustServerCertificate=True;"
   },
+  "Cors": {
+    "AllowedOrigins": [
+      "https://localhost:7276",
+      "http://localhost:5101"
+    ]
+  },
   "Logging": {
     "LogLevel": {
       "Default": "Information",