From b8bd780921c7f0b47fbf2570adee797e20b2a8a6 Mon Sep 17 00:00:00 2001
From: Timo Notheisen <timo.notheisen@js-soft.com>
Date: Wed, 29 Jan 2025 14:57:26 +0100
Subject: [PATCH] feat: add possibility to configure cors

---
 .../SseServer/src/SseServer/Configuration.cs         |  8 ++++++++
 .../Extensions/IServiceCollectionExtensions.cs       | 12 ++++++++++++
 Applications/SseServer/src/SseServer/Program.cs      |  2 ++
 3 files changed, 22 insertions(+)

diff --git a/Applications/SseServer/src/SseServer/Configuration.cs b/Applications/SseServer/src/SseServer/Configuration.cs
index 27c5da8ede..b04057bca7 100644
--- a/Applications/SseServer/src/SseServer/Configuration.cs
+++ b/Applications/SseServer/src/SseServer/Configuration.cs
@@ -9,6 +9,8 @@ public class Configuration
     [Required]
     public AuthenticationConfiguration Authentication { get; set; } = new();
 
+    public CorsConfiguration Cors { get; set; } = new();
+
     [Required]
     public InfrastructureConfiguration Infrastructure { get; set; } = new();
 
@@ -20,6 +22,12 @@ public class AuthenticationConfiguration
         public string JwtSigningCertificate { get; set; } = "";
     }
 
+    public class CorsConfiguration
+    {
+        public string AllowedOrigins { get; set; } = "";
+        public string ExposedHeaders { get; set; } = "";
+    }
+
     public class InfrastructureConfiguration
     {
         [Required]
diff --git a/Applications/SseServer/src/SseServer/Extensions/IServiceCollectionExtensions.cs b/Applications/SseServer/src/SseServer/Extensions/IServiceCollectionExtensions.cs
index 0a93c34720..512870a697 100644
--- a/Applications/SseServer/src/SseServer/Extensions/IServiceCollectionExtensions.cs
+++ b/Applications/SseServer/src/SseServer/Extensions/IServiceCollectionExtensions.cs
@@ -65,6 +65,18 @@ public static void AddCustomAspNetCore(this IServiceCollection services,
                 options.JsonSerializerOptions.DictionaryKeyPolicy = JsonNamingPolicy.CamelCase;
             });
 
+        services.AddCors(options =>
+        {
+            options.AddDefaultPolicy(builder =>
+            {
+                builder
+                    .WithOrigins(configuration.Cors.AllowedOrigins.Split(";"))
+                    .WithExposedHeaders(configuration.Cors.ExposedHeaders.Split(";"))
+                    .AllowAnyHeader()
+                    .AllowAnyMethod();
+            });
+        });
+
         services.AddAuthentication().AddJwtBearer("default", options =>
         {
             var privateKeyBytes = Convert.FromBase64String(configuration.Authentication.JwtSigningCertificate);
diff --git a/Applications/SseServer/src/SseServer/Program.cs b/Applications/SseServer/src/SseServer/Program.cs
index 6138e63518..7c49ef80ff 100644
--- a/Applications/SseServer/src/SseServer/Program.cs
+++ b/Applications/SseServer/src/SseServer/Program.cs
@@ -142,6 +142,8 @@ static void Configure(WebApplication app)
             .AddCustomHeader("X-Frame-Options", "Deny")
     );
 
+    app.UseCors();
+
     app.UseAuthentication().UseAuthorization();
 
     app.MapControllers();