Refactor Boilerplate Cors policy (#8272)

src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/Program.Services.cs

@@ -4,6 +4,7 @@
 using Boilerplate.Server.Api.Services;
 using System.Net;
 using System.Net.Mail;
+using System.Text.RegularExpressions;
 using System.Security.Cryptography.X509Certificates;
 using Boilerplate.Server.Api.Models.Identity;
 using Microsoft.OpenApi.Models;
@@ -60,8 +61,9 @@ public static void ConfigureApiServices(this WebApplicationBuilder builder)
         {
             builder.AddDefaultPolicy(policy =>
             {
-                // 0.0.0.0 origins are essential for the proper functioning of BlazorHybrid's WebView, while localhost:4030 is a prerequisite for BlazorWebAssemblyStandalone testing.
-                policy.WithOrigins("https://0.0.0.0", "app://0.0.0.0", string.IsNullOrEmpty(appSettings.WebClientUrl) ? "http://localhost:4030" : appSettings.WebClientUrl)
+                policy.SetIsOriginAllowed(origin => 
+                            LocalhostOriginRegex().IsMatch(origin) ||
+                            (string.IsNullOrEmpty(appSettings.WebClientUrl) is false && string.Equals(origin, appSettings.WebClientUrl, StringComparison.InvariantCultureIgnoreCase)))
                       .AllowAnyHeader()
                       .AllowAnyMethod()
                       .WithExposedHeaders(HeaderNames.RequestId);
@@ -366,4 +368,10 @@ private static void AddSwaggerGen(WebApplicationBuilder builder)
             });
         });
     }
+
+    /// <summary>
+    /// For either Blazor Hybrid web view or localhost in dev environment.
+    /// </summary>
+    [GeneratedRegex(@"^(http|https|app):\/\/(localhost|0\.0\.0\.0|127\.0\.0\.1)(:\d+)?(\/.*)?$")]
+    private static partial Regex LocalhostOriginRegex();
 }