AssetController.GetAll validated page >= 1 (one-based), inconsistent with PersonController and AlbumController which use zero-based pages. Adjust validation to page >= 0 and pass page + 1 to the repository which internally uses one-based.
Milky Shots
A place where to look for images
TODO: fill more information here
Configuration
CORS allowed origins
The API uses a CORS policy to control which browser origins may call it.
Allowed origins are configured via the CorsAllowedOrigins key.
appsettings.json (default / development)
{
"CorsAllowedOrigins": [ "http://localhost:5269", "http://localhost:8080" ]
}
Environment variable (Docker / production)
Set the CorsAllowedOrigins environment variable to a semicolon-separated list of
origins. This value replaces the entire array from appsettings.json, so you must
list every origin you want to allow:
CorsAllowedOrigins=http://myserver:8080
# or multiple origins:
CorsAllowedOrigins=http://myserver:8080;https://myserver.example.com
To allow any origin (useful when the server IP is unknown at deploy time):
CorsAllowedOrigins=*
⚠️ Security warning: Setting
CorsAllowedOrigins=*disables CORS origin checking entirely — any website can make authenticated requests to the API from a visitor's browser. Only use this option in fully trusted, self-hosted environments where you control all network access. For any internet-facing deployment always specify explicit origins instead.
This is already set up in docker-compose.yml — override it with your server's
hostname/IP if you are not running on localhost.
Configuring CORS for the MilkStream frontend
MilkStream is the Blazor WASM frontend that talks to the Lactose API. Because the
browser fetches the API directly, the origin of MilkStream as seen by the browser
must be listed in CorsAllowedOrigins on the Lactose service.
The two services are mapped in docker-compose.yml as follows:
| Service | Container port | Host port | Browser URL (default) |
|---|---|---|---|
lactose |
8080 | 5162 | http://yourserver:5162 |
milkstream |
8080 | 8080 | http://yourserver:8080 |
MilkStream's URL (http://yourserver:8080) must be added to Lactose's allowed origins,
and LactoseBaseUrl on MilkStream must point to the URL the browser uses to reach
Lactose (http://yourserver:5162).
Example — running on myserver.local:
# docker-compose.yml (relevant excerpts)
lactose:
environment:
- CorsAllowedOrigins=http://myserver.local:8080 # MilkStream origin seen by the browser
milkstream:
environment:
- LactoseBaseUrl=http://myserver.local:5162/ # Lactose URL seen by the browser
Example — running on localhost (default):
lactose:
environment:
- CorsAllowedOrigins=http://localhost:8080
milkstream:
environment:
- LactoseBaseUrl=http://localhost:5162/
If you expose MilkStream on a non-standard port or via HTTPS, adjust both values
accordingly and list the exact scheme://host:port that appears in the browser's
address bar.