Skip to content

Fix CORS Implementation in MythAPI #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Fix CORS Implementation in MythAPI #3

wants to merge 2 commits into from

Conversation

Copilot
Copy link

@Copilot Copilot AI commented May 28, 2025
edited
Loading

Overview

This PR implements a proper Cross-Origin Resource Sharing (CORS) policy in the MythAPI application to address the identified security issue.

Changes Made

  • Added CORS service registration in Program.cs
  • Implemented two different CORS policies:
    • A restrictive policy for production environments with specific allowed origins, methods, and headers
    • A permissive policy for development environments to facilitate testing
  • Added middleware configuration to apply the appropriate CORS policy based on the current environment

Implementation Details

// Production CORS policy
options.AddPolicy("ApiCorsPolicy", builder =>
{
    builder
        .WithOrigins(
            "https://trusted-domain.com",
            "https://another-trusted-domain.com"
        )
        .WithMethods("GET", "POST")
        .WithHeaders("Authorization", "Content-Type")
        .AllowCredentials();
});

// Development CORS policy
options.AddPolicy("Development", builder =>
{
    builder
        .AllowAnyOrigin()
        .AllowAnyMethod()
        .AllowAnyHeader();
});

The CORS middleware is applied before registering endpoints but after building the application:

if (app.Environment.IsDevelopment())
{
    app.UseCors("Development");
}
else
{
    app.UseCors("ApiCorsPolicy");
}

Notes

  • No additional NuGet packages were required as CORS middleware is included in ASP.NET Core
  • For production use, the allowed origins should be updated to match actual trusted domains
  • All existing tests continue to pass after these changes

Fixes #2.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@Copilot @aatmmr
Implement CORS policy in MythAPI
6f97441 
Co-authored-by: aatmmr <15815012+aatmmr@users.noreply.github.com>
@Copilot Copilot AI changed the title [WIP] Fix CORS Fix CORS Implementation in MythAPI May 28, 2025
@Copilot Copilot AI requested a review from aatmmr May 28, 2025 09:55
Copilot finished work on behalf of aatmmr May 28, 2025 09:55
aatmmr
aatmmr reviewed May 28, 2025
View reviewed changes
Copy link
Contributor

@aatmmr aatmmr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM :shipit:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aatmmr aatmmr aatmmr left review comments

Assignees

@aatmmr aatmmr

Copilot code review Copilot

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix CORS
2 participants
@Copilot @aatmmr