Add CORS support for DDI API (#2337)
For instance if used in remote swagger or web apps Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
@@ -37,8 +37,6 @@ import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
|
||||
import org.springframework.security.web.session.SessionManagementFilter;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
import org.springframework.web.cors.CorsConfigurationSource;
|
||||
|
||||
/**
|
||||
* Security configuration for the REST management API.
|
||||
@@ -110,7 +108,7 @@ public class MgmtSecurityConfiguration {
|
||||
SessionManagementFilter.class);
|
||||
|
||||
if (securityProperties.getCors().isEnabled()) {
|
||||
http.cors(configurer -> configurer.configurationSource(corsConfigurationSource()));
|
||||
http.cors(configurer -> configurer.configurationSource(securityProperties.getCors().toCorsConfigurationSource()));
|
||||
}
|
||||
|
||||
if (securityProperties.isRequireSsl()) {
|
||||
@@ -136,15 +134,4 @@ public class MgmtSecurityConfiguration {
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
private CorsConfigurationSource corsConfigurationSource() {
|
||||
final CorsConfiguration corsConfiguration = new CorsConfiguration();
|
||||
|
||||
corsConfiguration.setAllowedOrigins(securityProperties.getCors().getAllowedOrigins());
|
||||
corsConfiguration.setAllowCredentials(true);
|
||||
corsConfiguration.setAllowedHeaders(securityProperties.getCors().getAllowedHeaders());
|
||||
corsConfiguration.setAllowedMethods(securityProperties.getCors().getAllowedMethods());
|
||||
corsConfiguration.setExposedHeaders(securityProperties.getCors().getExposedHeaders());
|
||||
return request -> corsConfiguration;
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user