Make sure CORS is enabled on Bitpay's API

2025-12-17 14:04:26 +01:00 · 2019-01-29 18:20:18 +09:00
parent 0c5b5ff49c
commit 4f4d05b8cd
4 changed files with 5 additions and 9 deletions
--- a/BTCPayServer/Controllers/AccessTokenController.cs
+++ b/BTCPayServer/Controllers/AccessTokenController.cs
@@ -2,6 +2,7 @@
 using BTCPayServer.Filters;
 using BTCPayServer.Models;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Cors;
 using Microsoft.AspNetCore.Mvc;
 using NBitcoin.DataEncoders;
 using NBitpayClient;
@@ -14,6 +15,7 @@ namespace BTCPayServer.Controllers
 {
    [Authorize(AuthenticationSchemes = Security.Policies.BitpayAuthentication)]
    [BitpayAPIConstraint(true)]
+    [EnableCors(CorsPolicies.All)]
    public class AccessTokenController : Controller
    {
        TokenRepository _TokenRepository;
--- a/BTCPayServer/Controllers/InvoiceController.API.cs
+++ b/BTCPayServer/Controllers/InvoiceController.API.cs
@@ -12,8 +12,8 @@ using NBitpayClient;

 namespace BTCPayServer.Controllers
 {
-    [EnableCors("BitpayAPI")]
    [BitpayAPIConstraint]
+    [EnableCors(CorsPolicies.All)]
    [Authorize(Policies.CanCreateInvoice.Key, AuthenticationSchemes = Policies.BitpayAuthentication)]
    public class InvoiceControllerAPI : Controller
    {
--- a/BTCPayServer/Controllers/RateController.cs
+++ b/BTCPayServer/Controllers/RateController.cs
@@ -12,11 +12,13 @@ using BTCPayServer.Rating;
 using Newtonsoft.Json;
 using Microsoft.AspNetCore.Authorization;
 using BTCPayServer.Authentication;
+using Microsoft.AspNetCore.Cors;

 namespace BTCPayServer.Controllers
 {
    [Authorize(AuthenticationSchemes = Security.Policies.BitpayAuthentication)]
    [AllowAnonymous]
+    [EnableCors(CorsPolicies.All)]
    public class RateController : Controller
    {
        RateFetcher _RateProviderFactory;
--- a/BTCPayServer/Hosting/Startup.cs
+++ b/BTCPayServer/Hosting/Startup.cs
@@ -92,14 +92,6 @@ namespace BTCPayServer.Hosting
                options.Lockout.MaxFailedAccessAttempts = 5;
                options.Lockout.AllowedForNewUsers = true;
            });
-            services.AddCors(o =>
-            {
-                o.AddPolicy("BitpayAPI", b =>
-                {
-                    b.AllowAnyMethod().AllowAnyHeader().AllowAnyOrigin();
-                });
-            });
-
            // If the HTTPS certificate path is not set this logic will NOT be used and the default Kestrel binding logic will be.
            string httpsCertificateFilePath = Configuration.GetOrDefault<string>("HttpsCertificateFilePath", null);
            bool useDefaultCertificate = Configuration.GetOrDefault<bool>("HttpsUseDefaultCertificate", false);