PulseApp/API
PulseApp/API
1
0
Fork 0
Code Issues Pull Requests 7 Actions Activity

allow all option requests (:
All checks were successful
Deploy API / deploy (ubuntu-latest, 2.44.0) (push) Successful in 48s
Details

Browse Source
This commit is contained in:
Braydon 2024-09-19 00:31:16 -04:00
parent 59ba94f6b7
commit 5d5de61150
2 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/main/java/cc/pulseapp/api/PulseAPI.java
View File

@ -50,10 +50,6 @@ public class PulseAPI {
@Override @Override
public void addCorsMappings(@NonNull CorsRegistry registry) { public void addCorsMappings(@NonNull CorsRegistry registry) {
// Allow all origins to access the API // Allow all origins to access the API
// registry.addMapping("/**")
// .allowedMethods(Arrays.stream(HttpMethod.values()).map(HttpMethod::name).toArray(String[]::new)) // Allow all methods
// .allowedHeaders("*")
// .allowCredentials(true);
registry.addMapping("/**") registry.addMapping("/**")
.allowedOrigins("*") // Allow all origins .allowedOrigins("*") // Allow all origins
.allowedMethods("*") // Allow all methods .allowedMethods("*") // Allow all methods

5
src/main/java/cc/pulseapp/api/config/WebSecurityConfig.java
View File

@ -11,6 +11,7 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered; import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order; import org.springframework.core.annotation.Order;
import org.springframework.http.HttpHeaders; import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@ -49,13 +50,13 @@ public class WebSecurityConfig {
authentication.setAuthenticated(true); // Mark the session as authenticated authentication.setAuthenticated(true); // Mark the session as authenticated
return authentication; return authentication;
}); });
return http.cors(AbstractHttpConfigurer::disable) return http.csrf(AbstractHttpConfigurer::disable) // Disable CSRF
.csrf(AbstractHttpConfigurer::disable) // Disable CSRF
.sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // No sessions .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) // No sessions
.formLogin(AbstractHttpConfigurer::disable) // Disable form logins .formLogin(AbstractHttpConfigurer::disable) // Disable form logins
.securityMatcher("/**") // Require auth for all routes .securityMatcher("/**") // Require auth for all routes
.addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class) // Add the auth token filter .addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class) // Add the auth token filter
.authorizeHttpRequests(registry -> registry // Except for the following routes .authorizeHttpRequests(registry -> registry // Except for the following routes
.requestMatchers(HttpMethod.OPTIONS,"/**").permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/")).permitAll() .requestMatchers(AntPathRequestMatcher.antMatcher("/")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/error")).permitAll() .requestMatchers(AntPathRequestMatcher.antMatcher("/error")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/v*/auth/register")).permitAll() .requestMatchers(AntPathRequestMatcher.antMatcher("/v*/auth/register")).permitAll()