allow all option requests (:

2024-09-19 00:31:16 -04:00 · 2024-09-19 00:31:16 -04:00 · 5d5de61150
commit 5d5de61150
parent 59ba94f6b7
2 changed files with 3 additions and 6 deletions
--- a/src/main/java/cc/pulseapp/api/PulseAPI.java
+++ b/src/main/java/cc/pulseapp/api/PulseAPI.java
@ -50,10 +50,6 @@ public class PulseAPI {
            @Override
            public void addCorsMappings(@NonNull CorsRegistry registry) {
                // Allow all origins to access the API
-//                registry.addMapping("/**")
-//                        .allowedMethods(Arrays.stream(HttpMethod.values()).map(HttpMethod::name).toArray(String[]::new)) // Allow all methods
-//                        .allowedHeaders("*")
-//                        .allowCredentials(true);
                registry.addMapping("/**")
                        .allowedOrigins("*") // Allow all origins
                        .allowedMethods("*") // Allow all methods
--- a/src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java
+++ b/src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java
@ -11,6 +11,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@ -49,13 +50,13 @@ public class WebSecurityConfig {
            authentication.setAuthenticated(true); // Mark the session as authenticated
            return authentication;
        });
-        return http.cors(AbstractHttpConfigurer::disable)
-                .csrf(AbstractHttpConfigurer::disable) // Disable CSRF
+        return http.csrf(AbstractHttpConfigurer::disable) // Disable CSRF
                .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // No sessions
                .formLogin(AbstractHttpConfigurer::disable) // Disable form logins
                .securityMatcher("/**") // Require auth for all routes
                .addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class) // Add the auth token filter
                .authorizeHttpRequests(registry -> registry // Except for the following routes
+                        .requestMatchers(HttpMethod.OPTIONS,"/**").permitAll()
                        .requestMatchers(AntPathRequestMatcher.antMatcher("/")).permitAll()
                        .requestMatchers(AntPathRequestMatcher.antMatcher("/error")).permitAll()
                        .requestMatchers(AntPathRequestMatcher.antMatcher("/v*/auth/register")).permitAll()