set cors policies to only allow web vault origin (#787)

* set cors policy to only allow web vault * vault cors policy service
2025-12-16 08:13:33 +00:00 · 2020-06-23 18:47:53 -04:00
parent 2daca941f3
commit cf70a5e480
6 changed files with 24 additions and 17 deletions
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -169,7 +169,7 @@ namespace Bit.Api
            app.UseRouting();

            // Add Cors
-            app.UseCors(policy => policy.SetIsOriginAllowed(h => true)
+            app.UseCors(policy => policy.SetIsOriginAllowed(o => o == globalSettings.BaseServiceUri.Vault)
                .AllowAnyMethod().AllowAnyHeader().AllowCredentials());

            // Add authentication and authorization to the request pipeline.