From 070dde4e691c923c4ef9a049e4d2517d68b1e42a Mon Sep 17 00:00:00 2001
From: Claudio Maggioni
Date: Tue, 10 Mar 2020 15:03:23 +0100
Subject: [PATCH] Fixed CORS config
---
 .../smarthut/config/CORSFilter.java | 27 +++++++++++++++----
 .../config/JWTAuthenticationEntryPoint.java | 6 ++++-
 2 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/CORSFilter.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/CORSFilter.java
index da44592..7df826d 100644
--- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/CORSFilter.java
+++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/CORSFilter.java
@@ -1,6 +1,7 @@
 package ch.usi.inf.sa4.sanmarinoes.smarthut.config;
 import java.io.IOException;
+import java.util.List;
 import javax.servlet.*;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.stereotype.Component;
@@ -13,16 +14,32 @@ import org.springframework.stereotype.Component;
 @Component
 public class CORSFilter implements Filter {
- @Override
- public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
- throws IOException, ServletException {
- HttpServletResponse response = (HttpServletResponse) res;
+ static void setCORSHeaders(HttpServletResponse response) {
 response.setHeader("Access-Control-Allow-Origin", "*");
 response.setHeader("Access-Control-Allow-Methods", "HEAD, PUT, POST, GET, OPTIONS, DELETE");
 response.setHeader("Access-Control-Max-Age", "3600");
 response.setHeader(
 "Access-Control-Allow-Headers",
- "Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
+ String.join(
+ ",",
+ List.of(
+ "Access-Control-Allow-Headers",
+ "Origin",
+ "Accept",
+ "X-Requested-With",
+ "Authorization",
+ "Content-Type",
+ "Access-Control-Request-Method",
+ "Access-Control-Request-Headers")));
+ }
+
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+ throws IOException, ServletException {
+ final HttpServletResponse response = (HttpServletResponse) res;
+
+ setCORSHeaders(response);
+
 chain.doFilter(req, res);
 }
diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/JWTAuthenticationEntryPoint.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/JWTAuthenticationEntryPoint.java
index 7dfc16d..5c91217 100644
--- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/JWTAuthenticationEntryPoint.java
+++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/JWTAuthenticationEntryPoint.java
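Review bot: In CORSFilter.java, `setCORSHeaders` still answers every origin with `Access-Control-Allow-Origin: *`, and this change adds `Authorization` to the allowed request headers, so script running on any site may now send token-bearing requests to the API and read the responses. How much that matters depends on where the front end keeps the JWT, which is not visible here, but an allow-list is the safer default: pass the request in, echo the `Origin` value back only when it matches a configured front-end origin, and send `Vary: Origin` with it. Both call sites would then pass their request object. Separately, the joined header list is rebuilt on every request and could be a `private static final String`, and the new package-private method deserves a short Javadoc noting that `JWTAuthenticationEntryPoint` also calls it.

```java
// Constructed example value: replace with the project's real front-end origin(s).
private static final Set<String> ALLOWED_ORIGINS = Set.of("https://frontend.example");

static void setCORSHeaders(HttpServletRequest request, HttpServletResponse response) {
    final String origin = request.getHeader("Origin");
    if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
        // Echo only known origins; Vary keeps caches from reusing the answer for another origin.
        response.setHeader("Access-Control-Allow-Origin", origin);
        response.setHeader("Vary", "Origin");
    }
    // … unchanged: Access-Control-Allow-Methods, Access-Control-Max-Age, Access-Control-Allow-Headers …
```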
@@ -16,6 +16,10 @@ public class JWTAuthenticationEntryPoint implements AuthenticationEntryPoint {
 HttpServletResponse response,
 AuthenticationException authException)
 throws IOException {
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
+ if (!"OPTIONS".equals(request.getMethod())) {
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
+ } else {
+ CORSFilter.setCORSHeaders(response);
+ }
 }
 }
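Review bot: The `sendError` branch still returns the 401 without CORS headers, so a cross-origin front end will likely see an opaque CORS failure instead of the `Unauthorized` status when a token is missing or expired; presumably `CORSFilter` runs after the security chain, which is why the preflight needed this special case at all. Calling `CORSFilter.setCORSHeaders(response);` before the `if` would cover both paths, and a one-line comment such as `// Preflight requests carry no Authorization header and must not receive a 401` would explain the exemption. The OPTIONS branch also relies on the container's default status, so `response.setStatus(HttpServletResponse.SC_OK);` would make the intended result explicit. The method signature begins above the hunk, so the `request` parameter used in the new condition is not visible here.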