Add CORS support for DDI API (#2337)

For instance if used in remote swagger or web apps

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2025-04-02 09:01:02 +03:00
committed by GitHub
parent 29f7c0eb0b
commit 32990ab2ea
3 changed files with 34 additions and 20 deletions

View File

@@ -37,8 +37,6 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.session.SessionManagementFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
/**
* Security configuration for the REST management API.
@@ -110,7 +108,7 @@ public class MgmtSecurityConfiguration {
SessionManagementFilter.class);
if (securityProperties.getCors().isEnabled()) {
http.cors(configurer -> configurer.configurationSource(corsConfigurationSource()));
http.cors(configurer -> configurer.configurationSource(securityProperties.getCors().toCorsConfigurationSource()));
}
if (securityProperties.isRequireSsl()) {
@@ -136,15 +134,4 @@ public class MgmtSecurityConfiguration {
return http.build();
}
private CorsConfigurationSource corsConfigurationSource() {
final CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.setAllowedOrigins(securityProperties.getCors().getAllowedOrigins());
corsConfiguration.setAllowCredentials(true);
corsConfiguration.setAllowedHeaders(securityProperties.getCors().getAllowedHeaders());
corsConfiguration.setAllowedMethods(securityProperties.getCors().getAllowedMethods());
corsConfiguration.setExposedHeaders(securityProperties.getCors().getExposedHeaders());
return request -> corsConfiguration;
}
}
}