
Only enable full CORS config if a domain is specified

Merged Daniel Gerhardt requested to merge fix-public-cors into 2.x
1 file
+ 25
24
@@ -36,30 +36,31 @@ public class CorsFilter extends org.springframework.web.filter.CorsFilter {
@@ -36,30 +36,31 @@ public class CorsFilter extends org.springframework.web.filter.CorsFilter {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config;
CorsConfiguration config;
/* Grant full access from specified origins */
if (!origins.isEmpty()) {
config = new CorsConfiguration();
/* Grant full access from specified origins */
config.setAllowedOrigins(origins);
config = new CorsConfiguration();
config.addAllowedHeader("Accept");
config.setAllowedOrigins(origins);
config.addAllowedHeader("Content-Type");
config.addAllowedHeader("Accept");
config.addAllowedHeader("X-Requested-With");
config.addAllowedHeader("Content-Type");
config.addAllowedMethod("GET");
config.addAllowedHeader("X-Requested-With");
config.addAllowedMethod("POST");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PUT");
config.setAllowCredentials(true);
config.addAllowedMethod("DELETE");
source.registerCorsConfiguration("/**", config);
config.setAllowCredentials(true);
source.registerCorsConfiguration("/**", config);
/* Grant limited access from all origins */
} else {
config = new CorsConfiguration();
/* Grant limited access from all origins */
config.addAllowedOrigin("*");
config = new CorsConfiguration();
config.addAllowedHeader("Accept");
config.addAllowedOrigin("*");
config.addAllowedHeader("X-Requested-With");
config.addAllowedHeader("Accept");
config.addAllowedMethod("GET");
config.addAllowedHeader("X-Requested-With");
config.setAllowCredentials(true);
config.addAllowedMethod("GET");
source.registerCorsConfiguration("/", config);
source.registerCorsConfiguration("/", config);
source.registerCorsConfiguration("/arsnova-config", config);
source.registerCorsConfiguration("/arsnova-config", config);
source.registerCorsConfiguration("/configuration/", config);
source.registerCorsConfiguration("/configuration/", config);
source.registerCorsConfiguration("/statistics", config);
source.registerCorsConfiguration("/statistics", config);
 
}
return source;
return source;
}
}
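Review bot: The full-access branch pairs `config.setAllowedOrigins(origins)` with `config.setAllowCredentials(true)` on `/**` after checking only `!origins.isEmpty()`, so a configured list that contains `*` is treated as a list of trusted origins, and a null list would throw on `isEmpty()`. In Spring versions before 5.3 a `*` entry combined with credentials makes the filter echo whatever origin sent the request, while 5.3 and later reject the combination with an `IllegalArgumentException`. I would tighten the guard to `if (origins != null && !origins.isEmpty() && !origins.contains("*")) {` so that such a list falls through to the limited configuration. A comment in the else branch, such as `/* Credentials are deliberately not allowed together with the wildcard origin */`, would stop the call from being added back later. The page does not mark which side the single `setAllowCredentials(true)` in the wildcard block belongs to, and the method signature and the source of `origins` lie outside the hunk, so both need confirming against the file.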