Confirm you've already contributed to this project or that you sponsor it
Describe the solution you'd like
It was quite impossible to figure out how to set a specific cors policy for Openiddict rather than open all endpoints to a permissive default policy.
Can't figure out where it belongs in docs though.
Program.cs:
//BEFORE host.UseCors();
host.Use((context, next) => {
if (!context.Request.Path.StartsWithSegments("/.well-known/openid-configuration")) return next(context);
if (context.GetEndpoint() is not null) return next(context);
context.SetEndpoint(new(null, new(new EnableCorsAttribute("MyCorsPolicyForOpeniddict")), null));
return next(context);
});
host.UseCors();
host.UseAuthentication();
The other endpoints are map-able, so that can be done via normal procedure. E.g.
app.MapPost("/connect/token", [EnableCorsAttribute("MyCorsPolicyForOpeniddict)] [AllowAnonymous] async (HttpContext context, ...) => ...);
Additional context
No response
Confirm you've already contributed to this project or that you sponsor it
Describe the solution you'd like
It was quite impossible to figure out how to set a specific cors policy for Openiddict rather than open all endpoints to a permissive default policy.
Can't figure out where it belongs in docs though.
Program.cs:
The other endpoints are map-able, so that can be done via normal procedure. E.g.
Additional context
No response