add the cors policy as first item on the pipeline filter (#15472)

this ensures that any assets loaded as "modules" also get the right Access-Control-Allow-* headers
2023-12-18 14:19:53 +01:00
parent c2b970d0de
commit 650a9dad3b
1 changed files with 4 additions and 3 deletions
--- a/src/Umbraco.Cms.Api.Management/DependencyInjection/BackOfficeCorsPolicyBuilderExtensions.cs
+++ b/src/Umbraco.Cms.Api.Management/DependencyInjection/BackOfficeCorsPolicyBuilderExtensions.cs
@@ -29,7 +29,8 @@ internal static class BackOfficeCorsPolicyBuilderExtensions

        builder.Services.AddCors(options =>
        {
-            options.AddPolicy(name: policyName,
+            options.AddPolicy(
+                name: policyName,
                policy =>
                {
                    policy
@@ -42,9 +43,9 @@ internal static class BackOfficeCorsPolicyBuilderExtensions

        builder.Services.Configure<UmbracoPipelineOptions>(options =>
        {
-            options.AddFilter(new UmbracoPipelineFilter("UmbracoManagementApiCustomHostCorsPolicy")
+            options.PipelineFilters.Insert(0, new UmbracoPipelineFilter("UmbracoManagementApiCustomHostCorsPolicy")
            {
-                PostRouting = app => app.UseCors(policyName)
+                PrePipeline = app => app.UseCors(policyName),
            });
        });