update cors policy to expose new headers

dragonfruitnetwork · Jan 1, 2025 · b42cd1c · b42cd1c
1 parent b98cf72
commit b42cd1c
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 7 deletions.
diff --git a/DragonFruit.OnionFruit.Web/Controllers/AssetDownloadController.cs b/DragonFruit.OnionFruit.Web/Controllers/AssetDownloadController.cs
@@ -13,7 +13,7 @@
 
 namespace DragonFruit.OnionFruit.Web.Controllers;
 
-[EnableCors]
+[EnableCors("Assets")]
 public class AssetDownloadController(IRemoteAssetStore assetStore) : ControllerBase
 {
     [HttpGet, HttpHead]

diff --git a/DragonFruit.OnionFruit.Web/Program.cs b/DragonFruit.OnionFruit.Web/Program.cs
@@ -34,18 +34,34 @@ public static async Task Main(string[] args)
         Worker.Program.ConfigureLogging(builder.Logging, builder.Configuration, "Server");
 
         builder.Services.AddControllers().AddJsonOptions(o => o.JsonSerializerOptions.PropertyNamingPolicy = JsonNamingPolicy.SnakeCaseLower);
-        builder.Services.AddCors(cors => cors.AddDefaultPolicy(policy =>
+        builder.Services.AddCors(cors =>
         {
-            policy.WithMethods("GET");
-            policy.SetPreflightMaxAge(TimeSpan.FromHours(12));
+            cors.AddDefaultPolicy(policy =>
+            {
+                policy.WithMethods("GET");
+
+                policy.SetIsOriginAllowed(IsValidOrigin);
+                policy.SetPreflightMaxAge(TimeSpan.FromHours(12));
+            });
 
-            policy.SetIsOriginAllowed(s =>
+            cors.AddPolicy("Assets", policy =>
+            {
+                policy.WithMethods("GET", "HEAD");
+                policy.WithExposedHeaders("X-Asset-Location");
+
+                policy.SetIsOriginAllowed(IsValidOrigin);
+                policy.SetPreflightMaxAge(TimeSpan.FromHours(12));
+            });
+
+            return;
+
+            bool IsValidOrigin(string s)
             {
                 var uri = new Uri(s, UriKind.Absolute);
                 return uri.Host == "localhost" || uri.Host.Equals("dragonfruit.network", StringComparison.OrdinalIgnoreCase)
                                                || uri.Host.EndsWith(".dragonfruit.network", StringComparison.OrdinalIgnoreCase);
-            });
-        }));
+            }
+        });
 
         builder.Services.Configure<ForwardedHeadersOptions>(options =>
         {