Fix cors issues

master
esensar 2017-06-13 22:10:57 +02:00
parent 7cf478451b
commit a1dca0fd01
4 changed files with 40 additions and 15 deletions

View File

@ -2,6 +2,7 @@ package ba.steleks;
/** /**
* Created by admin on 06/05/2017. * Created by admin on 06/05/2017.
*/ */
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.CorsConfiguration;
@ -11,19 +12,21 @@ import org.springframework.web.filter.CorsFilter;
@Configuration @Configuration
public class CrossOriginConfig { public class CrossOriginConfig {
@Bean // @Bean
public CorsFilter corsFilter() { // public FilterRegistrationBean corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); // UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration(); // CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true); // config.setAllowCredentials(true);
config.addAllowedOrigin("*"); // config.addAllowedOrigin("*");
config.addAllowedHeader("*"); // config.addAllowedHeader("*");
config.addAllowedMethod("OPTIONS"); // config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("GET"); // config.addAllowedMethod("GET");
config.addAllowedMethod("POST"); // config.addAllowedMethod("POST");
config.addAllowedMethod("PUT"); // config.addAllowedMethod("PUT");
config.addAllowedMethod("DELETE"); // config.addAllowedMethod("DELETE");
source.registerCorsConfiguration("/**", config); // source.registerCorsConfiguration("/**", config);
return new CorsFilter(source); // FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
} // bean.setOrder(0);
// return bean;
// }
} }

View File

@ -17,4 +17,22 @@ public class SteleksProxyApplication {
public static void main(String[] args) { public static void main(String[] args) {
SpringApplication.run(SteleksProxyApplication.class, args); SpringApplication.run(SteleksProxyApplication.class, args);
} }
@Bean
public CorsFilter corsFilter() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
final CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("OPTIONS");
config.addAllowedMethod("HEAD");
config.addAllowedMethod("GET");
config.addAllowedMethod("PUT");
config.addAllowedMethod("POST");
config.addAllowedMethod("DELETE");
config.addAllowedMethod("PATCH");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
} }

View File

@ -20,6 +20,8 @@ public class RelayTokenFilter extends ZuulFilter {
Set<String> headers = (Set<String>) ctx.get("ignoredHeaders"); Set<String> headers = (Set<String>) ctx.get("ignoredHeaders");
// We need our tokens relayed to resource servers // We need our tokens relayed to resource servers
headers.remove("authorization"); headers.remove("authorization");
headers.add("Access-Control-Allow-Origin");
headers.add("Access-Control-Allow-Credentials");
return null; return null;
} }

View File

@ -8,6 +8,7 @@ import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@ -30,6 +31,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests() http.csrf().disable().authorizeRequests()
.antMatchers(HttpMethod.OPTIONS).permitAll()
.antMatchers("/users/**", "/users", "/").permitAll() .antMatchers("/users/**", "/users", "/").permitAll()
.anyRequest().authenticated() .anyRequest().authenticated()
.and() .and()