
Commit f49d6ac

enabling cors
1 parent 11558ad commit f49d6ac


1 file changed

+18
-1
lines changed


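--- a/src/main/java/com/behl/overseer/configuration/SecurityConfiguration.java
+++ b/src/main/java/com/behl/overseer/configuration/SecurityConfiguration.java
@@ -1,5 +1,7 @@
 package com.behl.overseer.configuration;
 
+import java.util.List;
+
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
@@ -9,6 +11,9 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
 import com.behl.overseer.filter.JwtAuthenticationFilter;
 import com.behl.overseer.filter.RateLimitFilter;
@@ -47,7 +52,7 @@ public class SecurityConfiguration {
 @SneakyThrows
 public SecurityFilterChain configure(final HttpSecurity http) {
 http
-.cors(corsConfigurer -> corsConfigurer.disable())
+.cors(corsConfigurer -> corsConfigurer.configurationSource(corsConfigurationSource()))
 .csrf(csrfConfigurer -> csrfConfigurer.disable())
 .sessionManagement(sessionConfigurer -> sessionConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 .authorizeHttpRequests(authManager -> {
@@ -66,5 +71,17 @@ public SecurityFilterChain configure(final HttpSecurity http) {
 public PasswordEncoder passwordEncoder() {
 return new BCryptPasswordEncoder();
 }
+
+private CorsConfigurationSource corsConfigurationSource() {
+final var corsConfiguration = new CorsConfiguration();
+corsConfiguration.setAllowedOrigins(List.of("*"));
+corsConfiguration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
+corsConfiguration.setAllowedHeaders(List.of("Authorization", "Origin", "Content-Type", "Accept"));
+corsConfiguration.setExposedHeaders(List.of("Content-Type", "X-Rate-Limit-Retry-After-Seconds", "X-Rate-Limit-Remaining"));
+
+final var corsConfigurationSource = new UrlBasedCorsConfigurationSource();
+corsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
+return corsConfigurationSource;
+}
 
 }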
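Review bot: `corsConfiguration.setAllowedOrigins(List.of("*"))` in the new `corsConfigurationSource()` is registered for `/**`, so the browser's same-origin policy no longer restricts which sites may read responses from any endpoint, including the state-changing `PUT` and `DELETE` methods allowed here. The application appears to authenticate with a bearer token in the `Authorization` header (the `JwtAuthenticationFilter` import), which limits the exposure today. However, CSRF protection is disabled on the next line of `configure`, so the origin list is the only browser-side control left if cookie credentials are ever introduced. I would take the origins from configuration instead, e.g. `corsConfiguration.setAllowedOrigins(allowedOrigins);` with `allowedOrigins` bound to a property listing the known front-end origins (placeholder name, not from this project). If the wildcard is intentional for a public API, add a comment on the method saying so and noting that `allowCredentials` must stay unset, since Spring rejects `"*"` when it is enabled.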
