From af7811ba9a55c2e738d8d41af1395ed2de0f0d0d Mon Sep 17 00:00:00 2001
From: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Date: Tue, 19 Dec 2023 11:51:46 +1000
Subject: [PATCH] [AC-1971] Add SwaggerUI to CORS policy (#3583)

* Allow SwaggerUI authorize requests if in development
---
 src/Identity/Startup.cs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/Identity/Startup.cs b/src/Identity/Startup.cs
index 9a7874820d..dda5fb03ee 100644
--- a/src/Identity/Startup.cs
+++ b/src/Identity/Startup.cs
@@ -213,7 +213,11 @@ public class Startup
         app.UseRouting();
 
         // Add Cors
-        app.UseCors(policy => policy.SetIsOriginAllowed(o => CoreHelpers.IsCorsOriginAllowed(o, globalSettings))
+        app.UseCors(policy => policy.SetIsOriginAllowed(o =>
+                CoreHelpers.IsCorsOriginAllowed(o, globalSettings) ||
+
+                // If development - allow requests from the Swagger UI so it can authorize
+                (Environment.IsDevelopment() && o == globalSettings.BaseServiceUri.Api))
             .AllowAnyMethod().AllowAnyHeader().AllowCredentials());
 
         // Add current context