Fix cors issues

2017-06-13 22:10:57 +02:00 · 2017-06-13 22:10:57 +02:00 · a1dca0fd01
parent 7cf478451b
commit a1dca0fd01
4 changed files with 40 additions and 15 deletions
--- a/common/src/main/java/ba/steleks/CrossOriginConfig.java
+++ b/common/src/main/java/ba/steleks/CrossOriginConfig.java
@ -2,6 +2,7 @@ package ba.steleks;
 /**
 * Created by admin on 06/05/2017.
 */
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.cors.CorsConfiguration;
@ -11,19 +12,21 @@ import org.springframework.web.filter.CorsFilter;
@Configuration
 public class CrossOriginConfig {

-    @Bean
-    public CorsFilter corsFilter() {
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        CorsConfiguration config = new CorsConfiguration();
-        config.setAllowCredentials(true);
-        config.addAllowedOrigin("*");
-        config.addAllowedHeader("*");
-        config.addAllowedMethod("OPTIONS");
-        config.addAllowedMethod("GET");
-        config.addAllowedMethod("POST");
-        config.addAllowedMethod("PUT");
-        config.addAllowedMethod("DELETE");
-        source.registerCorsConfiguration("/**", config);
-        return new CorsFilter(source);
-    }
+//    @Bean
+//    public FilterRegistrationBean corsFilter() {
+//        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+//        CorsConfiguration config = new CorsConfiguration();
+//        config.setAllowCredentials(true);
+//        config.addAllowedOrigin("*");
+//        config.addAllowedHeader("*");
+//        config.addAllowedMethod("OPTIONS");
+//        config.addAllowedMethod("GET");
+//        config.addAllowedMethod("POST");
+//        config.addAllowedMethod("PUT");
+//        config.addAllowedMethod("DELETE");
+//        source.registerCorsConfiguration("/**", config);
+//        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
+//        bean.setOrder(0);
+//        return bean;
+//    }
 }
--- a/steleks-proxy/src/main/java/ba/steles/SteleksProxyApplication.java
+++ b/steleks-proxy/src/main/java/ba/steles/SteleksProxyApplication.java
@ -17,4 +17,22 @@ public class SteleksProxyApplication {
 	public static void main(String[] args) {
 		SpringApplication.run(SteleksProxyApplication.class, args);
 	}
+
+	@Bean
+	public CorsFilter corsFilter() {
+		final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+		final CorsConfiguration config = new CorsConfiguration();
+		config.setAllowCredentials(true);
+		config.addAllowedOrigin("*");
+		config.addAllowedHeader("*");
+		config.addAllowedMethod("OPTIONS");
+		config.addAllowedMethod("HEAD");
+		config.addAllowedMethod("GET");
+		config.addAllowedMethod("PUT");
+		config.addAllowedMethod("POST");
+		config.addAllowedMethod("DELETE");
+		config.addAllowedMethod("PATCH");
+		source.registerCorsConfiguration("/**", config);
+		return new CorsFilter(source);
+	}
 }
--- a/steleks-proxy/src/main/java/ba/steles/security/RelayTokenFilter.java
+++ b/steleks-proxy/src/main/java/ba/steles/security/RelayTokenFilter.java
@ -20,6 +20,8 @@ public class RelayTokenFilter extends ZuulFilter {
        Set<String> headers = (Set<String>) ctx.get("ignoredHeaders");
        // We need our tokens relayed to resource servers
        headers.remove("authorization");
+        headers.add("Access-Control-Allow-Origin");
+        headers.add("Access-Control-Allow-Credentials");

        return null;
    }
--- a/steleks-proxy/src/main/java/ba/steles/security/SecurityConfig.java
+++ b/steleks-proxy/src/main/java/ba/steles/security/SecurityConfig.java
@ -8,6 +8,7 @@ import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@ -30,6 +31,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests()
+                .antMatchers(HttpMethod.OPTIONS).permitAll()
                .antMatchers("/users/**", "/users", "/").permitAll()
                .anyRequest().authenticated()
                .and()