From 755274dee658189190b09681c92775ccc08fb165 Mon Sep 17 00:00:00 2001
From: Grae Jones <GJones@theUSIM.com>
Date: Sat, 21 Mar 2026 21:44:23 -0700
Subject: [PATCH] Added Cors to program.cs

---
 Management/Program.cs | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/Management/Program.cs b/Management/Program.cs
index 08bc5e6..8d16bcb 100644
--- a/Management/Program.cs
+++ b/Management/Program.cs
@@ -8,6 +8,25 @@ var builder = WebApplication.CreateBuilder(args);
 var port = Environment.GetEnvironmentVariable("PORT") ?? "8080";
 builder.WebHost.UseUrls($"http://0.0.0.0:{port}");
 
+// CORS — allowed origins from env var, comma-separated
+var allowedOrigins = (builder.Configuration["CORS__AllowedOrigins"] ?? "")
+    .Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
+
+builder.Services.AddCors(options =>
+{
+    options.AddDefaultPolicy(policy =>
+    {
+        if (allowedOrigins.Length > 0)
+            policy.WithOrigins(allowedOrigins)
+                  .AllowAnyHeader()
+                  .AllowAnyMethod();
+        else
+            policy.AllowAnyOrigin()
+                  .AllowAnyHeader()
+                  .AllowAnyMethod();
+    });
+});
+
 // Services
 builder.Services.AddControllers();
 builder.Services.AddEndpointsApiExplorer();
@@ -62,6 +81,9 @@ app.MapGet("/", () => Results.Ok(new
     }
 }));
 
+// CORS — must be before auth middleware
+app.UseCors();
+
 // Authentication middleware
 app.UseMiddleware<ClientAuthMiddleware>();
 
@@ -71,4 +93,4 @@ app.UseMiddleware<ActivityLoggingMiddleware>();
 app.UseAuthorization();
 app.MapControllers();
 
-app.Run();
+app.Run();
\ No newline at end of file