diff --git a/src/main/java/com/metaformsystems/redline/infrastructure/config/SecurityConfig.java b/src/main/java/com/metaformsystems/redline/infrastructure/config/SecurityConfig.java index 97ad724..adf30d8 100644 --- a/src/main/java/com/metaformsystems/redline/infrastructure/config/SecurityConfig.java +++ b/src/main/java/com/metaformsystems/redline/infrastructure/config/SecurityConfig.java @@ -68,15 +68,18 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti @Bean //@Profile("dev") - CorsConfigurationSource corsConfigurationSource(@Value("${app.cors.allowed-origins}") String allowedOrigins) { + CorsConfigurationSource corsConfigurationSource( + @Value("${app.cors.allowed-origins}") List allowedOrigins, + @Value("${app.cors.allowed-methods}") List allowedMethods, + @Value("${app.cors.allowed-headers}") List allowedHeaders) { var config = new CorsConfiguration(); - config.setAllowedOrigins(List.of(allowedOrigins)); - config.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")); - config.setAllowedHeaders(List.of("Authorization", "Content-Type", "x-requested-with")); + config.setAllowedOrigins(allowedOrigins); + config.setAllowedMethods(allowedMethods); + config.setAllowedHeaders(allowedHeaders); var source = new UrlBasedCorsConfigurationSource(); - source.registerCorsConfiguration("/api/ui/**", config); + source.registerCorsConfiguration("/api/**", config); return source; } diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 4b3c5c2..b432fbb 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -37,7 +37,9 @@ tenant-manager: app: cors: - allowed-origins: ${CORS_ALLOWED_ORIGIN:http://localhost:4200} + allowed-origins: ${CORS_ALLOWED_ORIGINS:http://localhost:4200} + allowed-methods: ${CORS_ALLOWED_METHODS:GET,POST,PUT,PATCH,DELETE,OPTIONS} + allowed-headers: ${CORS_ALLOWED_HEADERS:Authorization,Content-Type,x-requested-with} --- # Development Profile with H2 diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml index ff72933..5d09d59 100644 --- a/src/test/resources/application.yml +++ b/src/test/resources/application.yml @@ -24,4 +24,6 @@ spring: app: cors: - allowed-origins: "*" \ No newline at end of file + allowed-origins: "*" + allowed-methods: GET,POST,PUT,PATCH,DELETE,OPTIONS + allowed-headers: Authorization,Content-Type,x-requested-with \ No newline at end of file