From 5d5de6115038cae43b30dbe204ef5d9219fd1081 Mon Sep 17 00:00:00 2001
From: Rainnny7 <braydonrainnny@gmail.com>
Date: Thu, 19 Sep 2024 00:31:16 -0400
Subject: [PATCH] allow all option requests (:

---
 src/main/java/cc/pulseapp/api/PulseAPI.java                 | 4 ----
 src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java | 5 +++--
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/main/java/cc/pulseapp/api/PulseAPI.java b/src/main/java/cc/pulseapp/api/PulseAPI.java
index 693fe48..b5ebf00 100644
--- a/src/main/java/cc/pulseapp/api/PulseAPI.java
+++ b/src/main/java/cc/pulseapp/api/PulseAPI.java
@@ -50,10 +50,6 @@ public class PulseAPI {
             @Override
             public void addCorsMappings(@NonNull CorsRegistry registry) {
                 // Allow all origins to access the API
-//                registry.addMapping("/**")
-//                        .allowedMethods(Arrays.stream(HttpMethod.values()).map(HttpMethod::name).toArray(String[]::new)) // Allow all methods
-//                        .allowedHeaders("*")
-//                        .allowCredentials(true);
                 registry.addMapping("/**")
                         .allowedOrigins("*") // Allow all origins
                         .allowedMethods("*") // Allow all methods
diff --git a/src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java b/src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java
index e6e0527..3e3e742 100644
--- a/src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java
+++ b/src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java
@@ -11,6 +11,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -49,13 +50,13 @@ public class WebSecurityConfig {
             authentication.setAuthenticated(true); // Mark the session as authenticated
             return authentication;
         });
-        return http.cors(AbstractHttpConfigurer::disable)
-                .csrf(AbstractHttpConfigurer::disable) // Disable CSRF
+        return http.csrf(AbstractHttpConfigurer::disable) // Disable CSRF
                 .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // No sessions
                 .formLogin(AbstractHttpConfigurer::disable) // Disable form logins
                 .securityMatcher("/**") // Require auth for all routes
                 .addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class) // Add the auth token filter
                 .authorizeHttpRequests(registry -> registry // Except for the following routes
+                        .requestMatchers(HttpMethod.OPTIONS,"/**").permitAll()
                         .requestMatchers(AntPathRequestMatcher.antMatcher("/")).permitAll()
                         .requestMatchers(AntPathRequestMatcher.antMatcher("/error")).permitAll()
                         .requestMatchers(AntPathRequestMatcher.antMatcher("/v*/auth/register")).permitAll()