Commit 4e193d28 authored by Khalid Ali's avatar Khalid Ali

Fixed CORS errors galore (CSRF token & Cross Origin header)

parent fb335938
......@@ -19,11 +19,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import java.util.Arrays;
import java.util.Collections;
@Configuration
......@@ -47,8 +43,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// .cors()
// .and()
.cors()
.and()
// .csrf()
// .disable()
.authorizeRequests()
......@@ -87,17 +83,4 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
filter.setAuthenticationManager(authenticationManager());
return filter;
}
//
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Collections.singletonList("*"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "OPTIONS", "DELETE", "PUT", "PATCH"));
configuration.setAllowedHeaders(Arrays.asList("X-Requested-With", "Origin", "Content-Type", "Accept",
"Authorization"));
configuration.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
\ No newline at end of file
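Review bot: With the `corsConfigurationSource` bean gone, the `.cors()` call enabled in `configure` has no dedicated source, and as far as I can tell Spring Security then falls back to the CORS settings of the Spring MVC handler mappings, so the effective policy is whatever `@CrossOrigin` declares on each controller. Requests answered by a security filter rather than a controller, such as the authentication filter whose tail is visible in the last hunk of this file, would then carry no CORS headers and the browser would refuse to expose their responses, so the cross-origin login flow should be confirmed. A comment above the call would record that dependency, for example `// CORS policy comes from @CrossOrigin on the controllers; no CorsConfigurationSource bean is defined`. The commented-out `// .csrf()` / `// .disable()` pair left in the chain should be deleted so that CSRF protection is not switched off by an accidental uncomment. Both `configure` and the filter factory method start or end outside the visible hunks.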
......@@ -39,6 +39,7 @@ import java.util.Date;
import java.util.List;
import java.util.stream.Collectors;
@CrossOrigin(origins = "https://localhost:8081", allowCredentials = "true", exposedHeaders = {"X-CSRF-HEADER", "X-CSRF-TOKEN"})
@RestController
@RequestMapping("/bs/api/")
public class BookshareApiController {
......@@ -191,9 +192,19 @@ public class BookshareApiController {
.collect(Collectors.toList());
}
// AUTHENTICATION METHODS
// @RequestMapping(
// value = "/**",
// method = RequestMethod.OPTIONS
// )
// public ResponseEntity handle() {
// return new ResponseEntity(HttpStatus.OK);
// }
@RequestMapping(value = "/login", method = RequestMethod.GET)
public void loginRedirect(HttpServletResponse httpServletResponse) {
String redirectURL = "https://localhost:9090";
String redirectURL = "https://localhost:8081";
httpServletResponse.setHeader("Location", redirectURL);
httpServletResponse.setStatus(302);
}
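Review bot: The allowed origin in `@CrossOrigin` and the `redirectURL` in `loginRedirect` both hard-code `https://localhost:8081`, so the credentialed CORS policy and the login redirect are tied to a development host and have to be edited in two places for any other deployment. Because `allowCredentials = "true"` together with the exposed `X-CSRF-TOKEN` header lets that origin read the CSRF token within the user's session, the origin should be one exact, per-environment setting, e.g. a field `@Value("${app.frontend-origin}") private String frontendOrigin;` (the property name is a placeholder) used for the redirect, with the same property referenced from the annotation if the Spring version in use resolves placeholders there. The commented-out catch-all `OPTIONS` handler added under `// AUTHENTICATION METHODS` is dead code and is better dropped than committed, since a handler that answers every preflight with 200 would sidestep the CORS checks if it were ever re-enabled. The class body continues outside both hunks.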