Allow CORS for creating a new invoice via AJAX through the PoS app (fix #238)

BTCPayServer/Controllers/AppsController.PointOfSale.cs

@@ -19,6 +19,7 @@ using BTCPayServer.Services.Rates;
 using System.Globalization;
 using System.Text;
 using System.Text.Encodings.Web;
+using Microsoft.AspNetCore.Cors;
 
 namespace BTCPayServer.Controllers
 {
@@ -208,6 +209,7 @@ namespace BTCPayServer.Controllers
         [HttpPost]
         [Route("{appId}/pos")]
         [IgnoreAntiforgeryToken]
+        [EnableCors(CorsPolicies.All)]
         public async Task<IActionResult> ViewPointOfSale(string appId,
                                                         decimal amount,
                                                         string email,

BTCPayServer/CorsPolicies.cs

@@ -0,0 +1,12 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+
+namespace BTCPayServer
+{
+    public static class CorsPolicies
+    {
+        public const string All = "BTCPAY_ALL";
+    }
+}

BTCPayServer/Hosting/BTCPayServerServices.cs

@@ -157,6 +157,10 @@ namespace BTCPayServer.Hosting
                 return bundle;
             });
 
+            services.AddCors(options=> 
+            {
+                options.AddPolicy(CorsPolicies.All, p=>p.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
+            });
             return services;
         }
 

BTCPayServer/Hosting/Startup.cs

@@ -155,6 +155,7 @@ namespace BTCPayServer.Hosting
                 app.UseDeveloperExceptionPage();
             }
 
+            app.UseCors();
             app.UsePayServer();
             app.UseStaticFiles();
             app.UseAuthentication();