common: make CORS origins configurable

Notesnook.API/Startup.cs

@@ -85,7 +85,7 @@ namespace Notesnook.API
             JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
             JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
 
-            services.AddCors();
+            services.AddDefaultCors();
 
             services.AddDistributedMemoryCache(delegate (MemoryDistributedCacheOptions cacheOptions)
             {

Streetwriters.Common/Constants.cs

@@ -70,5 +70,6 @@ namespace Streetwriters.Common
         public static string SSE_SERVER_DOMAIN => Environment.GetEnvironmentVariable("SSE_SERVER_DOMAIN");
         public static string SSE_CERT_PATH => Environment.GetEnvironmentVariable("SSE_CERT_PATH");
         public static string SSE_CERT_KEY_PATH => Environment.GetEnvironmentVariable("SSE_CERT_KEY_PATH");
+        public static string[] NOTESNOOK_CORS_ORIGINS => Environment.GetEnvironmentVariable("NOTESNOOK_CORS")?.Split(",");
     }
 }

Streetwriters.Common/Extensions/ServiceCollectionServiceExtensions.cs

@@ -17,24 +17,25 @@ You should have received a copy of the Affero GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-namespace Microsoft.Extensions.DependencyInjection.CorsServiceCollectionExtensions
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Streetwriters.Common.Extensions
 {
     public static class ServiceCollectionServiceExtensions
     {
-        public static IServiceCollection AddCors(this IServiceCollection services)
+        public static IServiceCollection AddDefaultCors(this IServiceCollection services)
         {
             services.AddCors(options =>
             {
                 options.AddPolicy("notesnook", (b) =>
                 {
-#if DEBUG
-                    b.AllowAnyOrigin();
-#else
-                    b.WithOrigins("http://localhost:3000", "http://192.168.10.29:3000", "https://app.notesnook.com", "https://beta.notesnook.com", "https://budi.streetwriters.co", "http://localhost:9876");
-#endif
+                    if (Constants.NOTESNOOK_CORS_ORIGINS.Length <= 0)
+                        b.AllowAnyOrigin();
+                    else
+                        b.WithOrigins(Constants.NOTESNOOK_CORS_ORIGINS);
+
                     b.AllowAnyMethod()
-                    .AllowAnyHeader()
-                    .AllowCredentials();
+                    .AllowAnyHeader();
                 });
             });
             return services;

Streetwriters.Identity/Startup.cs

@@ -65,7 +65,7 @@ namespace Streetwriters.Identity
             services.AddTransient<ISMSSender, SMSSender>();
             services.AddTransient<IPasswordHasher<User>, Argon2PasswordHasher<User>>();
 
-            services.AddCors();
+            services.AddDefaultCors();
 
             //services.AddSingleton<IProfileService, UserService>();
             services.AddIdentityMongoDbProvider<User>(options =>

Streetwriters.Messenger/Startup.cs

@@ -62,7 +62,7 @@ namespace Streetwriters.Messenger
             JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
             JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
 
-            services.AddCors();
+            services.AddDefaultCors();
             services.AddDistributedMemoryCache(delegate (MemoryDistributedCacheOptions cacheOptions)
             {
                 cacheOptions.SizeLimit = 262144000L;