Vibe Index
🎯

ln-773-cors-configurator

🎯Skill

from levnikolaevich/claude-code-skills

VibeIndex|
What it does

Configures CORS policies dynamically for web projects, adapting security settings across development and production environments.

πŸ“¦

Part of

levnikolaevich/claude-code-skills(85 items)

ln-773-cors-configurator

Installation

Claude CodeAdd plugin in Claude Code
/plugin add levnikolaevich/claude-code-skills
git cloneClone repository
git clone https://github.com/levnikolaevich/claude-code-skills.git ~/.claude/skills
πŸ“– Extracted from docs: levnikolaevich/claude-code-skills
Need more details? View full documentation on GitHub β†’
12Installs
-
AddedFeb 4, 2026
View on GitHubBack to Skills

Skill Details

SKILL.md

Configures CORS policy for development and production

Overview

# ln-773-cors-configurator

Type: L3 Worker

Category: 7XX Project Bootstrap

Parent: ln-770-crosscutting-setup

Configures Cross-Origin Resource Sharing (CORS) policy with security-first approach.

---

Overview

| Aspect | Details |

|--------|---------|

| Input | Context Store from ln-770 |

| Output | CORS configuration with environment-specific policies |

| Stacks | .NET (ASP.NET Core CORS), Python (FastAPI CORSMiddleware) |

---

Phase 1: Receive Context

Accept Context Store from coordinator.

Required Context:

  • STACK: .NET or Python
  • PROJECT_ROOT: Project directory path
  • ENVIRONMENT: Development or Production

Idempotency Check:

  • .NET: Grep for AddCors or UseCors
  • Python: Grep for CORSMiddleware
  • If found: Return { "status": "skipped" }

---

Phase 2: Analyze Project Structure

Determine frontend configuration.

Detection Steps:

  1. Check for frontend in same repository (/frontend, /client, /web)
  2. Read .env or appsettings.json for CORS_ORIGINS
  3. Identify common frontend ports (3000, 5173, 4200)

Detected Frontend Origins:

| Framework | Default Port | Origin |

|-----------|--------------|--------|

| React (CRA) | 3000 | http://localhost:3000 |

| Vite | 5173 | http://localhost:5173 |

| Angular | 4200 | http://localhost:4200 |

| Next.js | 3000 | http://localhost:3000 |

---

Phase 3: Decision Points

Q1: Allowed Origins

| Environment | Strategy |

|-------------|----------|

| Development | Allow localhost origins (configurable) |

| Production | Explicit origins from environment variables only |

Security Warning: Never use * (wildcard) with credentials.

Q2: Allowed Methods

| Method | Default | Notes |

|--------|---------|-------|

| GET | βœ“ Yes | Read operations |

| POST | βœ“ Yes | Create operations |

| PUT | βœ“ Yes | Update operations |

| DELETE | βœ“ Yes | Delete operations |

| PATCH | Optional | Partial updates |

| OPTIONS | βœ“ Yes | Preflight requests (automatic) |

Q3: Credentials Support

| Scenario | AllowCredentials | Notes |

|----------|------------------|-------|

| Cookie-based auth | βœ“ Yes | Required for cookies |

| JWT in header | βœ— No | Not needed |

| OAuth2 | Depends | Check documentation |

Warning: AllowCredentials = true prohibits * origin.

Q4: Preflight Cache Duration

| Environment | MaxAge | Rationale |

|-------------|--------|-----------|

| Development | 0 | Immediate config changes |

| Production | 86400 (24h) | Reduce preflight requests |

---

Phase 4: Generate Configuration

.NET Output Files

| File | Purpose |

|------|---------|

| Extensions/CorsExtensions.cs | CORS service registration |

| appsettings.json (update) | Origins configuration |

| appsettings.Development.json (update) | Dev origins |

Generation Process:

  1. Use MCP ref for current ASP.NET Core CORS API
  2. Generate CorsExtensions with:

- Development policy (permissive)

- Production policy (restrictive)

- Environment-based policy selection

  1. Update appsettings with CORS:Origins

Registration Code:

```csharp

builder.Services.AddCorsPolicy(builder.Configuration);

// ...

app.UseCors(builder.Environment.IsDevelopment() ? "Development" : "Production");

```

Python Output Files

| File | Purpose |

|------|---------|

| middleware/cors_config.py | CORS middleware configuration |

| .env (update) | CORS_ORIGINS variable |

Generation Process:

  1. Use MCP ref for FastAPI CORSMiddleware
  2. Generate cors_config.py with:

- Origin parsing from environment

- Method and header configuration

- Credentials handling

  1. Update .env with CORS_ORIGINS

Registration Code:

```python

from middleware.cors_config import configure_cors

configure_cors(app)

```

---

Phase 5: Validate

Validation Steps:

  1. Syntax check:

- .NET: dotnet build --no-restore

- Python: python -m py_compile middleware/cors_config.py

  1. CORS test:

```bash

# Test preflight request

curl -X OPTIONS http://localhost:5000/api/test \

-H "Origin: http://localhost:3000" \

-H "Access-Control-Request-Method: POST" \

-v

```

  1. Verify headers:

- Access-Control-Allow-Origin: Should match request origin

- Access-Control-Allow-Methods: Should list allowed methods

- Access-Control-Allow-Credentials: true (if enabled)

- Access-Control-Max-Age: Cache duration

---

Security Checklist

Before completing, verify:

  • [ ] No wildcard * origin in production
  • [ ] Explicit allowed methods (not AllowAnyMethod in prod)
  • [ ] Credentials only if needed
  • [ ] Origins from environment variables in production
  • [ ] Preflight caching enabled in production

---

Return to Coordinator

```json

{

"status": "success",

"files_created": [

"Extensions/CorsExtensions.cs"

],

"packages_added": [],

"registration_code": "builder.Services.AddCorsPolicy(configuration);",

"message": "Configured CORS with Development and Production policies"

}

```

---

Reference Links

  • [ASP.NET Core CORS](https://learn.microsoft.com/aspnet/core/security/cors)
  • [FastAPI CORS](https://fastapi.tiangolo.com/tutorial/cors/)
  • [MDN CORS](https://developer.mozilla.org/docs/Web/HTTP/CORS)

---

Version: 2.0.0

Last Updated: 2026-01-10

More from this repository10

πŸͺ
levnikolaevich-claude-code-skillsπŸͺMarketplace

Official marketplace for Agile Linear Workflow plugin - complete end-to-end automation for software development teams using Linear. Includes 7XX Project Bootstrap series for technology-agnostic project migration.

🎯
ln-140-test-docs-creator🎯Skill

Generates comprehensive test documentation with testing strategy and test organization structure for software projects.

🎯
ln-110-project-docs-coordinator🎯Skill

Coordinates project documentation by gathering context once, detecting project type, and delegating document creation to 5 specialized workers.

🎯
ln-114-frontend-docs-creator🎯Skill

Generates design guidelines documentation for frontend projects with WCAG 2.1 compliance when a frontend framework is detected.

🎯
ln-113-backend-docs-creator🎯Skill

Generates backend documentation files (API spec and database schema) automatically when backend or database technologies are detected in a project.

🎯
ln-610-code-comments-auditor🎯Skill

Audits code comments and docstrings across 6 quality categories, generating a comprehensive compliance score and actionable recommendations for improvement.

🎯
ln-115-devops-docs-creator🎯Skill

Generates a comprehensive runbook.md for DevOps setup, dynamically tailored to project's Docker configuration and deployment specifics.

🎯
ln-772-error-handler-setup🎯Skill

Configures global exception handling middleware for .NET and Python backend applications with standardized error responses.

🎯
ln-120-reference-docs-creator🎯Skill

Generates reference documentation structure and smart documents for project tech stack, creating only justified architectural decision records and guides.

🎯
ln-625-dependencies-auditor🎯Skill

Audits dependencies for outdated packages, unused imports, unnecessary libraries, and custom implementations, providing actionable recommendations.