Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR configures the API for containerized deployment by adding health checks, relaxing CORS policy, and disabling HTTPS redirection for HTTP-only container environments.
- Added health check endpoint for container orchestration monitoring
- Changed CORS policy from localhost-only to allow any origin
- Disabled HTTPS redirection with explanatory comment for container compatibility
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| { | ||
| builder | ||
| .WithOrigins("http://localhost:3000", "https://localhost:3000") | ||
| .AllowAnyOrigin() |
There was a problem hiding this comment.
Using AllowAnyOrigin() creates a security vulnerability by allowing requests from any domain. This should be restricted to specific trusted origins, especially in production environments. Consider using WithOrigins() with a configurable list of allowed domains.
| app.UseCors("CorsPolicy"); | ||
|
|
||
| app.UseHttpsRedirection(); | ||
| //app.UseHttpsRedirection(); turned off because the container is http only |
There was a problem hiding this comment.
Disabling HTTPS redirection removes an important security layer. Consider implementing HTTPS termination at the reverse proxy/load balancer level instead of disabling it entirely, or use environment-based configuration to conditionally enable HTTPS redirection.
| //app.UseHttpsRedirection(); turned off because the container is http only | |
| // Conditionally enable HTTPS redirection based on configuration | |
| if (builder.Configuration.GetValue<bool>("EnableHttpsRedirection")) | |
| { | |
| app.UseHttpsRedirection(); | |
| } |
No description provided.