Merge pull request #139 from JimTheCat/CU-8697r7yzg_add-CORS-handling…

…_Kinga-Traczyk chore: add CORS handling
JimTheCat · Jan 30, 2025 · 994ae6c · 994ae6c
2 parents 27ca7ce + 0ffd697
commit 994ae6c
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 4 deletions.
diff --git a/backend/src/main/java/meowhub/backend/security/SecurityConfig.java b/backend/src/main/java/meowhub/backend/security/SecurityConfig.java
@@ -5,6 +5,7 @@
 import meowhub.backend.users.facades.UserAuthServiceFacade;
 import meowhub.backend.security.jwt.AuthEntryPointJwt;
 import meowhub.backend.security.jwt.AuthTokenFilter;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -18,18 +19,23 @@
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 import java.time.LocalDate;
 
 @Configuration
 @EnableWebSecurity
 public class SecurityConfig {
+    @Value("${custom.frontend.url}")
+    private String frontendUrl;
 
     @Bean
     SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http, AuthEntryPointJwt unauthorizedHandler, AuthTokenFilter authenticationJwtTokenFilter) throws Exception {
+        http.cors(Customizer.withDefaults());
+
         http.csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
-                .ignoringRequestMatchers("/api/auth/public/**", "/api/ext/**")
-        );
+                .ignoringRequestMatchers("/api/auth/public/**", "/api/ext/**"));
 
         http.authorizeHttpRequests(requests -> requests
                 .requestMatchers("/api/csrf-token/**").permitAll()
@@ -74,4 +80,21 @@ public PasswordEncoder passwordEncoder() {
     public AuthenticationManager authenticationManager(AuthenticationConfiguration authConfig) throws Exception {
         return authConfig.getAuthenticationManager();
     }
+
+    @Bean
+    public WebMvcConfigurer corsConfigurer() {
+        return new WebMvcConfigurer() {
+            @Override
+            public void addCorsMappings(CorsRegistry registry) {
+                registry.addMapping("/api/**")
+                        .allowedOrigins(frontendUrl)
+                        .allowedMethods("GET", "POST", "DELETE")
+                        .allowedHeaders("Content-Type", "Authorization", "X-XSRF-TOKEN")
+                        .exposedHeaders("X-XSRF-TOKEN")
+                        .allowCredentials(true);
+            }
+        };
+    }
+
+
 }
diff --git a/backend/src/main/resources/application-dev.properties b/backend/src/main/resources/application-dev.properties
@@ -17,3 +17,6 @@ spring.app.jwtExpirationMs=17280000
 logging.level.org.hibernate.SQL=DEBUG
 logging.level.org.springframework.jdbc=DEBUG
 logging.level.org.springframework.orm.jpa=DEBUG
+
+custom.frontend.url=
+custom.reset-password.url=
diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties
@@ -27,4 +27,7 @@ spring.mail.password=${MAIL_PASSWORD}
 spring.mail.properties.mail.smtp.auth=${MAIL_SMTP_AUTH}
 spring.mail.properties.mail.smtp.starttls.enable=${MAIL_SMTP_AUTH_STARTTLS}
 
-custom.reset-password.url=${RESET_MAIL_URL}
+##custom properties
+custom.reset-password.url=${RESET_MAIL_URL}
+
+custom.frontend.url=${FRONTEND_URL}
diff --git a/backend/src/test/resources/application-test.properties b/backend/src/test/resources/application-test.properties
@@ -20,4 +20,5 @@ spring.mail.host=
 spring.mail.port=
 spring.mail.username=
 spring.mail.password=
-custom.reset-password.url=
+custom.reset-password.url=
+custom.frontend.url=