hotfix oid4vci cors allowed origins (#102)

* hotfix oid4vci cors allowed origins

* hotfix oid4vci cors allowed origins

* hotfix oid4vci cors allowed origins

* hotfix oid4vci cors allowed origins

* hotfix oid4vci cors allowed origins

* hotfix oid4vci cors allowed origins

* remove log

Author: rubenmodamio

CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v1.6.6](https://github.com/in2workspace/in2-issuer-api/releases/tag/v1.6.6)
+### Fixed
+- OID4VCI cors configuration.
+
 ## [v1.6.5](https://github.com/in2workspace/in2-issuer-api/releases/tag/v1.6.5)
 ### Fixed
 - Refactor configs.

build.gradle

@@ -11,7 +11,7 @@ plugins {
 }
 
 group = 'es.in2'
-version = '1.6.5'
+version = '1.6.6'
 
 java {
     sourceCompatibility = '17'

src/main/java/es/in2/issuer/backend/backoffice/infrastructure/config/security/Oid4vciCORSConfig.java

@@ -15,23 +15,22 @@
 @RequiredArgsConstructor
 
 public class Oid4vciCORSConfig {
-    private final AppConfig appConfig;
-
     /**
      * Default CORS configuration source.
      */
     @Bean
     public UrlBasedCorsConfigurationSource oid4vciCorsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
-        configuration.setAllowedOrigins(appConfig.getDefaultCorsAllowedOrigins());
+        configuration.setAllowedOriginPatterns(List.of("*"));
         configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
         configuration.setAllowedHeaders(List.of("*"));
-        configuration.setAllowCredentials(true);
+        configuration.setAllowCredentials(false);
         configuration.setMaxAge(1800L);
 
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration(OID4VCI_CREDENTIAL_OFFER_PATH, configuration);
         source.registerCorsConfiguration(OAUTH_TOKEN_PATH, configuration);
+        source.registerCorsConfiguration(OID4VCI_CREDENTIAL_PATH, configuration);
         return source;
     }
 }

src/main/java/es/in2/issuer/backend/backoffice/infrastructure/config/security/SecurityConfig.java

@@ -129,7 +129,7 @@ public SecurityWebFilterChain externalFilterChain(ServerHttpSecurity http) {
     public SecurityWebFilterChain oid4vciFilterChain(ServerHttpSecurity http) {
         http
                 .securityMatcher(ServerWebExchangeMatchers.pathMatchers(CORS_OID4VCI_PATH))
-                .cors(cors -> oid4VciCORSConfig.oid4vciCorsConfigurationSource())
+                .cors(cors -> cors.configurationSource(oid4VciCORSConfig.oid4vciCorsConfigurationSource()))
                 .authorizeExchange(exchanges -> exchanges
                         .pathMatchers(OAUTH_TOKEN_PATH, OID4VCI_CREDENTIAL_OFFER_PATH).permitAll()
                         .anyExchange().authenticated()