From 6d34e4942fcfaded87398ebda050c014b3d72cb6 Mon Sep 17 00:00:00 2001
From: Jon Nicholson <drjonnicholson@users.noreply.github.com>
Date: Fri, 21 Nov 2025 20:09:34 +0000
Subject: [PATCH 1/2] Change cors policy TerminateUnmatchedRequest type to bool

---
 src/Authoring/Configs/CorsConfig.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Authoring/Configs/CorsConfig.cs b/src/Authoring/Configs/CorsConfig.cs
index b98c9b0..f459436 100644
--- a/src/Authoring/Configs/CorsConfig.cs
+++ b/src/Authoring/Configs/CorsConfig.cs
@@ -24,7 +24,7 @@ public record CorsConfig
     /// Policy expressions are allowed.
     /// </summary>
     [ExpressionAllowed]
-    public string? TerminateUnmatchedRequest { get; init; }
+    public bool? TerminateUnmatchedRequest { get; init; }
 
     /// <summary>
     /// List of origins allowed to make cross-origin calls to your API.<br/>

From 9d8932549f8105dc4b47a373606ba2899cc5ce0d Mon Sep 17 00:00:00 2001
From: Jon Nicholson <drjonnicholson@users.noreply.github.com>
Date: Fri, 21 Nov 2025 20:19:17 +0000
Subject: [PATCH 2/2] Add tests

---
 test/Test.Core/Compiling/CorsTests.cs | 62 +++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)

diff --git a/test/Test.Core/Compiling/CorsTests.cs b/test/Test.Core/Compiling/CorsTests.cs
index 4dd9cdc..18d452d 100644
--- a/test/Test.Core/Compiling/CorsTests.cs
+++ b/test/Test.Core/Compiling/CorsTests.cs
@@ -236,6 +236,68 @@ public void Inbound(IInboundContext context) {
         """,
         DisplayName = "Should compile cors policy with expose headers"
     )]
+    [DataRow(
+        """
+        [Document]
+        public class PolicyDocument : IDocument
+        {
+            public void Inbound(IInboundContext context) {
+                context.Cors(new CorsConfig()
+                    {
+                        AllowedOrigins = ["contoso.com"],
+                        AllowedHeaders = ["accept"],
+                        TerminateUnmatchedRequest = true,
+                    });
+            }
+        }
+        """,
+        """
+        <policies>
+            <inbound>
+                <cors terminate-unmatched-request="true">
+                    <allowed-origins>
+                        <origin>contoso.com</origin>
+                    </allowed-origins>
+                    <allowed-headers>
+                        <header>accept</header>
+                    </allowed-headers>
+                </cors>
+            </inbound>
+        </policies>
+        """,
+        DisplayName = "Should compile cors policy with terminate unmatched request explicitly enabled"
+    )]
+    [DataRow(
+        """
+        [Document]
+        public class PolicyDocument : IDocument
+        {
+            public void Inbound(IInboundContext context) {
+                context.Cors(new CorsConfig()
+                    {
+                        AllowedOrigins = ["contoso.com"],
+                        AllowedHeaders = ["accept"],
+                        TerminateUnmatchedRequest = false,
+                    });
+            }
+        }
+        """,
+        """
+        <policies>
+            <inbound>
+                <cors terminate-unmatched-request="false">
+                    <allowed-origins>
+                        <origin>contoso.com</origin>
+                    </allowed-origins>
+                    <allowed-headers>
+                        <header>accept</header>
+                    </allowed-headers>
+                </cors>
+            </inbound>
+        </policies>
+        """,
+        DisplayName = "Should compile cors policy with terminate unmatched request disabled"
+    )]
     public void ShouldCompileCorsPolicy(string code, string expectedXml)
     {
         code.CompileDocument().Should().BeSuccessful().And.DocumentEquivalentTo(expectedXml);