fix:modification in validation

Author: vishwab1

src/main/environment/common_ci.properties

@@ -118,4 +118,5 @@ springdoc.swagger-ui.enabled=@env.SWAGGER_DOC_ENABLED@
 
 # Redis IP
 spring.redis.host=@env.REDIS_HOST@
+
 cors.allowed-origins=@env.CORS_ALLOWED_ORIGINS@

src/main/java/com/wipro/fhir/config/CorsConfig.java

@@ -20,8 +20,8 @@ public void addCorsMappings(CorsRegistry registry) {
                                 .map(String::trim)
                                 .toArray(String[]::new))
                 .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
-                .allowedHeaders("*")
-                .exposedHeaders("Authorization", "Jwttoken")
+                .allowedHeaders("Content-Type", "Authorization")
+                .exposedHeaders("Authorization")
                 .allowCredentials(true)
                 .maxAge(3600);
     }

src/main/java/com/wipro/fhir/utils/JwtUserIdValidationFilter.java

@@ -46,6 +46,7 @@ public void doFilter(ServletRequest servletRequest, ServletResponse servletRespo
 			response.setHeader("Access-Control-Allow-Origin", origin);
 			response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
 			response.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, Accept, Jwttoken");
+			response.setHeader("Vary", "Origin");
 			response.setHeader("Access-Control-Allow-Credentials", "true");
 		} else {
 			logger.warn("Origin [{}] is NOT allowed. CORS headers NOT added.", origin);