diff --git a/common/src/main/java/ba/steleks/CrossOriginConfig.java b/common/src/main/java/ba/steleks/CrossOriginConfig.java
index d7ba93e..36fbce1 100644
--- a/common/src/main/java/ba/steleks/CrossOriginConfig.java
+++ b/common/src/main/java/ba/steleks/CrossOriginConfig.java
@@ -2,6 +2,7 @@ package ba.steleks;
 /**
 * Created by admin on 06/05/2017.
 */
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.cors.CorsConfiguration;
@@ -11,19 +12,21 @@ import org.springframework.web.filter.CorsFilter;
 @Configuration
 public class CrossOriginConfig {
- @Bean
- public CorsFilter corsFilter() {
- UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
- CorsConfiguration config = new CorsConfiguration();
- config.setAllowCredentials(true);
- config.addAllowedOrigin("*");
- config.addAllowedHeader("*");
- config.addAllowedMethod("OPTIONS");
- config.addAllowedMethod("GET");
- config.addAllowedMethod("POST");
- config.addAllowedMethod("PUT");
- config.addAllowedMethod("DELETE");
- source.registerCorsConfiguration("/**", config);
- return new CorsFilter(source);
- }
+// @Bean
+// public FilterRegistrationBean corsFilter() {
+// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+// CorsConfiguration config = new CorsConfiguration();
+// config.setAllowCredentials(true);
+// config.addAllowedOrigin("*");
+// config.addAllowedHeader("*");
+// config.addAllowedMethod("OPTIONS");
+// config.addAllowedMethod("GET");
+// config.addAllowedMethod("POST");
+// config.addAllowedMethod("PUT");
+// config.addAllowedMethod("DELETE");
+// source.registerCorsConfiguration("/**", config);
+// FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
+// bean.setOrder(0);
+// return bean;
+// }
 }
\ No newline at end of file
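Review bot: The previous `corsFilter()` bean is kept as a commented-out block in `CrossOriginConfig`, and the `FilterRegistrationBean` import added in the first hunk is referenced only from inside that comment. I would delete the commented lines and the unused import, since version control already preserves the old body and an empty `@Configuration` class with a dead block invites someone to re-enable it without review. If it is kept for later use, note that it still pairs `config.setAllowCredentials(true)` with `config.addAllowedOrigin("*")`, which should be narrowed before it is switched back on. Any module that presumably relied on this shared bean from `common` now gets no CORS filter unless it defines its own; that is worth stating in the commit message.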
diff --git a/steleks-proxy/src/main/java/ba/steles/SteleksProxyApplication.java b/steleks-proxy/src/main/java/ba/steles/SteleksProxyApplication.java
index a4cfc3f..458a32c 100644
--- a/steleks-proxy/src/main/java/ba/steles/SteleksProxyApplication.java
+++ b/steleks-proxy/src/main/java/ba/steles/SteleksProxyApplication.java
@@ -17,4 +17,22 @@ public class SteleksProxyApplication {
 public static void main(String[] args) {
 SpringApplication.run(SteleksProxyApplication.class, args);
 }
+
+ @Bean
+ public CorsFilter corsFilter() {
+ final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+ final CorsConfiguration config = new CorsConfiguration();
+ config.setAllowCredentials(true);
+ config.addAllowedOrigin("*");
+ config.addAllowedHeader("*");
+ config.addAllowedMethod("OPTIONS");
+ config.addAllowedMethod("HEAD");
+ config.addAllowedMethod("GET");
+ config.addAllowedMethod("PUT");
+ config.addAllowedMethod("POST");
+ config.addAllowedMethod("DELETE");
+ config.addAllowedMethod("PATCH");
+ source.registerCorsConfiguration("/**", config);
+ return new CorsFilter(source);
+ }
 }
diff --git a/steleks-proxy/src/main/java/ba/steles/security/RelayTokenFilter.java b/steleks-proxy/src/main/java/ba/steles/security/RelayTokenFilter.java
index 4376b10..220a4a4 100644
--- a/steleks-proxy/src/main/java/ba/steles/security/RelayTokenFilter.java
+++ b/steleks-proxy/src/main/java/ba/steles/security/RelayTokenFilter.java
@@ -20,6 +20,8 @@ public class RelayTokenFilter extends ZuulFilter {
 Set headers = (Set) ctx.get("ignoredHeaders");
 // We need our tokens relayed to resource servers
 headers.remove("authorization");
+ headers.add("Access-Control-Allow-Origin");
+ headers.add("Access-Control-Allow-Credentials");
 return null;
 }
diff --git a/steleks-proxy/src/main/java/ba/steles/security/SecurityConfig.java b/steleks-proxy/src/main/java/ba/steles/security/SecurityConfig.java
index 18497b5..2fdbeab 100644
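Review bot: The new `corsFilter()` in `SteleksProxyApplication` combines `config.setAllowCredentials(true)` with `config.addAllowedOrigin("*")` and `config.addAllowedHeader("*")` on `/**`, so the proxy tells browsers that any origin may send credentialed requests to every route and read the responses. On Spring versions that accept this pair the request's Origin is echoed back, while newer releases reject the combination when the request is processed, so the setting is either unsafe or broken depending on the version in use. List the front-end origins explicitly and load them from configuration, e.g. `config.addAllowedOrigin("https://frontend.example.invalid"); // placeholder origin`. If authentication is only the relayed `Authorization` header, as `RelayTokenFilter` suggests, `config.setAllowCredentials(false);` is probably sufficient, and `PUT`/`DELETE`/`PATCH` should stay only if the UI needs them.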
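Review bot: The two added `headers.add(...)` calls in `RelayTokenFilter` use mixed-case names, whereas the existing `headers.remove("authorization")` just above uses lower case. If Zuul matches this set against lower-cased header names, as that existing line suggests, the new entries never match and the downstream services' `Access-Control-Allow-*` headers are still relayed next to the ones the proxy's own filter writes. Use `headers.add("access-control-allow-origin");` and `headers.add("access-control-allow-credentials");`, and add a comment such as `// drop upstream CORS headers; the proxy's CorsFilter is the single source`. The enclosing method starts outside the hunk, so whether `ctx.get("ignoredHeaders")` can be null here cannot be confirmed from these lines.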
--- a/steleks-proxy/src/main/java/ba/steles/security/SecurityConfig.java
+++ b/steleks-proxy/src/main/java/ba/steles/security/SecurityConfig.java
@@ -8,6 +8,7 @@ import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -30,6 +31,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
 http.csrf().disable().authorizeRequests()
+ .antMatchers(HttpMethod.OPTIONS).permitAll()
 .antMatchers("/users/**", "/users", "/").permitAll()
 .anyRequest().authenticated()
 .and()
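Review bot: `.antMatchers(HttpMethod.OPTIONS).permitAll()` in `configure` exempts every OPTIONS request on every path from authentication, not only CORS preflights, so a plain OPTIONS call is forwarded through the proxy to the backing services unauthenticated. If the Spring Security version in use provides it, enabling CORS support lets the `corsFilter` bean answer preflights ahead of the authorization rules and this matcher can be dropped: `http.cors().and().csrf().disable().authorizeRequests()`. If the matcher stays, add a comment such as `// CORS preflight carries no Authorization header; do not widen to other methods` so the exemption is not extended later. The `configure` body continues past the end of the hunk.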