add EnableCors attributes

Author: retailcoder

rubberduckvba.Server/Api/Admin/AdminController.cs

@@ -1,4 +1,5 @@
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
 
@@ -13,6 +14,7 @@ public class AdminController(ConfigurationOptions options, HangfireLauncherServi
     /// </summary>
     /// <returns>The unique identifier of the enqueued job.</returns>
     [Authorize("github")]
+    [EnableCors("CorsPolicy")]
     [HttpPost("admin/update/xmldoc")]
     public IActionResult UpdateXmldocContent()
     {
@@ -25,6 +27,7 @@ public IActionResult UpdateXmldocContent()
     /// </summary>
     /// <returns>The unique identifier of the enqueued job.</returns>
     [Authorize("github")]
+    [EnableCors("CorsPolicy")]
     [HttpPost("admin/update/tags")]
     public IActionResult UpdateTagMetadata()
     {

rubberduckvba.Server/Api/Admin/WebhookController.cs

@@ -1,4 +1,5 @@
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Mvc;
 using System.Text.Json;
 
@@ -21,6 +22,7 @@ public WebhookController(
     }
 
     [Authorize("webhook")]
+    [EnableCors("webhookPolicy")]
     [HttpPost("webhook/github")]
     public async Task<IActionResult> GitHub([FromBody] dynamic body) =>
         GuardInternalAction(() =>

rubberduckvba.Server/Api/Auth/AuthController.cs

@@ -1,4 +1,5 @@
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
 using Octokit;
@@ -70,6 +71,7 @@ public IActionResult Index()
     }
 
     [HttpPost("auth/signin")]
+    [EnableCors("CorsPolicy")]
     [AllowAnonymous]
     public IActionResult SessionSignIn(SignInViewModel vm)
     {
@@ -106,6 +108,7 @@ public IActionResult SessionSignIn(SignInViewModel vm)
     }
 
     [HttpPost("auth/github")]
+    [EnableCors("CorsPolicy")]
     [AllowAnonymous]
     public IActionResult OnGitHubCallback(SignInViewModel vm)
     {

rubberduckvba.Server/Program.cs

@@ -45,7 +45,7 @@ public static void Main(string[] args)
 
         builder.Services.AddCors(builder =>
         {
-            builder.AddDefaultPolicy(policy =>
+            builder.AddPolicy("CorsPolicy", policy =>
             {
                 policy
                     .SetIsOriginAllowed(origin => true)
@@ -54,22 +54,6 @@ public static void Main(string[] args)
                     .AllowCredentials()
                     .Build();
             });
-
-            builder.AddPolicy("webhookPolicy", policy =>
-            {
-                policy
-#if DEBUG
-                    .SetIsOriginAllowed(origin => true)
-#else
-                    .SetIsOriginAllowedToAllowWildcardSubdomains()
-                    .WithOrigins("*.github.com")
-#endif
-                    .WithHeaders("Content-Type", "X-GitHub-Event", "X-GitHub-Delivery", "X-GitHub-Hook-ID", "X-Hub-Signature", "X-Hub-Signature256")
-                    .WithMethods("POST")
-                    .DisallowCredentials()
-                    .SetPreflightMaxAge(TimeSpan.FromHours(48))
-                    .Build();
-            });
         });
 
         builder.Services.AddAuthentication(options =>