From 7a2bcb99869f30d172dd565b9c86aabf8ffc5416 Mon Sep 17 00:00:00 2001
From: Daniel Gerhardt <code@dgerhardt.net>
Date: Thu, 8 Mar 2018 11:50:49 +0100
Subject: [PATCH] Fix CORS

Setting 'security.cors.origins' did not have any effect since the the
configuration was overriden by the default path settings.
---
 src/main/java/de/thm/arsnova/web/CorsFilter.java | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/main/java/de/thm/arsnova/web/CorsFilter.java b/src/main/java/de/thm/arsnova/web/CorsFilter.java
index 1390fb455..c660011d6 100644
--- a/src/main/java/de/thm/arsnova/web/CorsFilter.java
+++ b/src/main/java/de/thm/arsnova/web/CorsFilter.java
@@ -33,8 +33,8 @@ public class CorsFilter extends org.springframework.web.filter.CorsFilter {
 	}
 
 	private static UrlBasedCorsConfigurationSource configurationSource(List<String> origins) {
+		UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 		CorsConfiguration config;
-		UrlBasedCorsConfigurationSource source;
 
 		/* Grant full access from specified origins */
 		config = new CorsConfiguration();
@@ -47,7 +47,6 @@ public class CorsFilter extends org.springframework.web.filter.CorsFilter {
 		config.addAllowedMethod("PUT");
 		config.addAllowedMethod("DELETE");
 		config.setAllowCredentials(true);
-		source = new UrlBasedCorsConfigurationSource();
 		source.registerCorsConfiguration("/**", config);
 
 		/* Grant limited access from all origins */
@@ -57,7 +56,6 @@ public class CorsFilter extends org.springframework.web.filter.CorsFilter {
 		config.addAllowedHeader("X-Requested-With");
 		config.addAllowedMethod("GET");
 		config.setAllowCredentials(true);
-		source = new UrlBasedCorsConfigurationSource();
 		source.registerCorsConfiguration("/", config);
 		source.registerCorsConfiguration("/arsnova-config", config);
 		source.registerCorsConfiguration("/configuration/", config);
-- 
GitLab