Update LittleShop configuration and deployment files

- Modified CLAUDE.md documentation - Updated Dockerfile configuration - Updated Program.cs and production settings - Added deployment scripts for Hostinger - Added Hostinger environment configuration 🤖 Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-18 19:27:58 +01:00
parent a419bd7a78
commit 54618348ab
9 changed files with 290 additions and 23 deletions
--- a/LittleShop/Program.cs
+++ b/LittleShop/Program.cs
@@ -139,28 +139,68 @@ builder.Services.AddSwaggerGen(c =>
    });
 });

-// CORS
+// CORS - Configure for both development and production
 builder.Services.AddCors(options =>
 {
    options.AddPolicy("AllowAll",
-        builder =>
+        corsBuilder =>
        {
-            builder.AllowAnyOrigin()
+            corsBuilder.SetIsOriginAllowed(origin => true) // Allow any origin
                   .AllowAnyMethod()
-                   .AllowAnyHeader();
+                   .AllowAnyHeader()
+                   .AllowCredentials(); // Important for cookie authentication
+        });
+
+    // Production CORS policy for Hostinger deployment
+    options.AddPolicy("ProductionCors",
+        corsBuilder =>
+        {
+            corsBuilder.SetIsOriginAllowed(origin =>
+                {
+                    // Allow all subdomains of thebankofdebbie.giize.com
+                    var allowedHosts = new[]
+                    {
+                        "thebankofdebbie.giize.com",
+                        "admin.thebankofdebbie.giize.com",
+                        "localhost"
+                    };
+
+                    var uri = new Uri(origin);
+                    return allowedHosts.Any(host =>
+                        uri.Host.Equals(host, StringComparison.OrdinalIgnoreCase) ||
+                        uri.Host.EndsWith($".{host}", StringComparison.OrdinalIgnoreCase));
+                })
+                .AllowAnyMethod()
+                .AllowAnyHeader()
+                .AllowCredentials();
        });
 });

 var app = builder.Build();

 // Configure the HTTP request pipeline.
+
+// Add CORS early in the pipeline - before authentication
 if (app.Environment.IsDevelopment())
 {
+    app.UseCors("AllowAll");
    app.UseSwagger();
    app.UseSwaggerUI();
 }
+else
+{
+    // Use production CORS policy in production environment
+    // For now, use AllowAll to diagnose the issue
+    app.UseCors("AllowAll");
+}
+
+// Add error handling middleware for production
+if (!app.Environment.IsDevelopment())
+{
+    app.UseExceptionHandler("/Home/Error");
+    app.UseHsts(); // Use HSTS for production security
+}

-app.UseCors("AllowAll");
 app.UseStaticFiles(); // Enable serving static files
 app.UseAuthentication();
 app.UseAuthorization();