Added Cors to program.cs

Management/Program.cs

@@ -8,6 +8,25 @@ var builder = WebApplication.CreateBuilder(args);
 var port = Environment.GetEnvironmentVariable("PORT") ?? "8080";
 builder.WebHost.UseUrls($"http://0.0.0.0:{port}");
 
+// CORS — allowed origins from env var, comma-separated
+var allowedOrigins = (builder.Configuration["CORS__AllowedOrigins"] ?? "")
+    .Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
+
+builder.Services.AddCors(options =>
+{
+    options.AddDefaultPolicy(policy =>
+    {
+        if (allowedOrigins.Length > 0)
+            policy.WithOrigins(allowedOrigins)
+                  .AllowAnyHeader()
+                  .AllowAnyMethod();
+        else
+            policy.AllowAnyOrigin()
+                  .AllowAnyHeader()
+                  .AllowAnyMethod();
+    });
+});
+
 // Services
 builder.Services.AddControllers();
 builder.Services.AddEndpointsApiExplorer();
@@ -62,6 +81,9 @@ app.MapGet("/", () => Results.Ok(new
     }
 }));
 
+// CORS — must be before auth middleware
+app.UseCors();
+
 // Authentication middleware
 app.UseMiddleware<ClientAuthMiddleware>();
 
@@ -71,4 +93,4 @@ app.UseMiddleware<ActivityLoggingMiddleware>();
 app.UseAuthorization();
 app.MapControllers();
 
-app.Run();
+app.Run();