TL;DR: This is a fix for that CORS error that was causing issues. I'm very confident in it. Master now works, before it rejected sign-ins.
This specifies localhost 3000 instead of AllowAnyOrigin().
This was causing all preflights to be rejected since AllowAnyOrigin() was used in combination with AllowCredentials(). This wasn't an issue when we originally configured CORS because we weren't actually utilizing AllowCredentials().
Additionally, this PR removes the http:5000 port entirely, in favor of only hosting https:5001. The redirect from 5000 to 5001 doesn't work in a cross origin context, because preflights don't support redirection.
Personally I think only using https then makes our requests much more uniform. There will never be a http request written in the front end.
TL;DR: This is a fix for that CORS error that was causing issues. I'm very confident in it. Master now works, before it rejected sign-ins.
This specifies localhost 3000 instead of
AllowAnyOrigin().This was causing all preflights to be rejected since AllowAnyOrigin() was used in combination with AllowCredentials(). This wasn't an issue when we originally configured CORS because we weren't actually utilizing AllowCredentials().
Additionally, this PR removes the
http:5000port entirely, in favor of only hostinghttps:5001. The redirect from 5000 to 5001 doesn't work in a cross origin context, because preflights don't support redirection.Personally I think only using
httpsthen makes our requests much more uniform. There will never be ahttprequest written in the front end.