From 5d5de6115038cae43b30dbe204ef5d9219fd1081 Mon Sep 17 00:00:00 2001
From: Rainnny7
Date: Thu, 19 Sep 2024 00:31:16 -0400
Subject: [PATCH] allow all option requests (:
---
 src/main/java/cc/pulseapp/api/PulseAPI.java | 4 ----
 src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java | 5 +++--
 2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/src/main/java/cc/pulseapp/api/PulseAPI.java b/src/main/java/cc/pulseapp/api/PulseAPI.java
index 693fe48..b5ebf00 100644
--- a/src/main/java/cc/pulseapp/api/PulseAPI.java
+++ b/src/main/java/cc/pulseapp/api/PulseAPI.java
@@ -50,10 +50,6 @@ public class PulseAPI {
 @Override
 public void addCorsMappings(@NonNull CorsRegistry registry) {
 // Allow all origins to access the API
-// registry.addMapping("/**")
-// .allowedMethods(Arrays.stream(HttpMethod.values()).map(HttpMethod::name).toArray(String[]::new)) // Allow all methods
-// .allowedHeaders("*")
-// .allowCredentials(true);
 registry.addMapping("/**")
 .allowedOrigins("*") // Allow all origins
 .allowedMethods("*") // Allow all methods
diff --git a/src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java b/src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java
index e6e0527..3e3e742 100644
--- a/src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java
+++ b/src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java
@@ -11,6 +11,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -49,13 +50,13 @@ public class WebSecurityConfig {
 authentication.setAuthenticated(true); // Mark the session as authenticated
 return authentication;
 });
- return http.cors(AbstractHttpConfigurer::disable)
- .csrf(AbstractHttpConfigurer::disable) // Disable CSRF
+ return http.csrf(AbstractHttpConfigurer::disable) // Disable CSRF
 .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // No sessions
 .formLogin(AbstractHttpConfigurer::disable) // Disable form logins
 .securityMatcher("/**") // Require auth for all routes
 .addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class) // Add the auth token filter
 .authorizeHttpRequests(registry -> registry // Except for the following routes
+ .requestMatchers(HttpMethod.OPTIONS,"/**").permitAll()
 .requestMatchers(AntPathRequestMatcher.antMatcher("/")).permitAll()
 .requestMatchers(AntPathRequestMatcher.antMatcher("/error")).permitAll()
 .requestMatchers(AntPathRequestMatcher.antMatcher("/v*/auth/register")).permitAll()
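Review bot: The added `.requestMatchers(HttpMethod.OPTIONS,"/**").permitAll()` exempts every OPTIONS request on every path from authorization, which is wider than CORS preflight: a handler mapped without a method restriction, or one that answers OPTIONS itself, becomes reachable without a token. Since the CORS policy already lives in `addCorsMappings`, the narrower fix is to enable Spring Security's CORS support rather than dropping the `cors` call, e.g. `return http.cors(Customizer.withDefaults())`, so preflights are answered by the CORS filter ahead of authentication and no blanket matcher is needed. If the matcher stays, write it like its neighbours as `.requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.OPTIONS, "/**")).permitAll()` and give it a trailing comment such as `// CORS preflight only`. The filter-chain method starts before and continues past this hunk, and the token filter passed to `addFilterBefore` is built outside it; that filter presumably still runs on these requests, so confirm it lets a token-less OPTIONS through instead of rejecting it before authorization is evaluated.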