Configurable CORS origins

src/RunnersMeet.Server/AppServer.cs

@@ -1,6 +1,7 @@
 using RunnersMeet.Server.Domain;
 using RunnersMeet.Server.Frontend;
 using RunnersMeet.Server.Persistence;
+using RunnersMeet.Server.ServerAspects.Cors;
 
 namespace RunnersMeet.Server;
 

src/RunnersMeet.Server/CorsModule.cs → src/RunnersMeet.Server/ServerAspects/Cors/CorsModule.cs

@@ -1,14 +1,15 @@
-namespace RunnersMeet.Server;
+namespace RunnersMeet.Server.ServerAspects.Cors;
 
 public class CorsModule : IAppConfigurationModule
 {
 	public void ConfigureServices(IServiceCollection services, IConfigurationRoot config)
 	{
+		var corsSettings = config.GetRequiredSection(CorsSettings.SectionName).Get<CorsSettings>()!;
 		services.AddCors(options =>
 		{
 			options.AddDefaultPolicy(policy =>
 			{
-				policy.WithOrigins("http://localhost:4200", "https://gpx.studio");
+				policy.WithOrigins(corsSettings.Origins);
 				policy.WithHeaders("Authorization", "Content-Type");
 				policy.AllowAnyMethod();
 				policy.WithExposedHeaders("Content-Disposition");

src/RunnersMeet.Server/ServerAspects/Cors/CorsSettings.cs

@@ -0,0 +1,8 @@
+namespace RunnersMeet.Server.ServerAspects.Cors;
+
+public class CorsSettings
+{
+	public const string SectionName = "Cors";
+
+	public string[] Origins { get; set; } = {};
+}

src/RunnersMeet.Server/appsettings.json

@@ -13,6 +13,9 @@
 			"Tracks": ["manage:tracks"]
 		}
 	},
+	"Cors": {
+		"Origins": ["http://localhost:4200", "https://gpx.studio"]
+	},
 	"Persistence": {
 		"DataFilePath": "./data/runners.db",
 		"FileStorageRootPath": "./data/files"