From 070dde4e691c923c4ef9a049e4d2517d68b1e42a Mon Sep 17 00:00:00 2001
From: Claudio Maggioni <maggicl@usi.ch>
Date: Tue, 10 Mar 2020 15:03:23 +0100
Subject: [PATCH] Fixed CORS config

---
 .../smarthut/config/CORSFilter.java           | 27 +++++++++++++++----
 .../config/JWTAuthenticationEntryPoint.java   |  6 ++++-
 2 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/CORSFilter.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/CORSFilter.java
index da44592..7df826d 100644
--- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/CORSFilter.java
+++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/CORSFilter.java
@@ -1,6 +1,7 @@
 package ch.usi.inf.sa4.sanmarinoes.smarthut.config;
 
 import java.io.IOException;
+import java.util.List;
 import javax.servlet.*;
 import javax.servlet.http.HttpServletResponse;
 import org.springframework.stereotype.Component;
@@ -13,16 +14,32 @@ import org.springframework.stereotype.Component;
 @Component
 public class CORSFilter implements Filter {
 
-    @Override
-    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
-            throws IOException, ServletException {
-        HttpServletResponse response = (HttpServletResponse) res;
+    static void setCORSHeaders(HttpServletResponse response) {
         response.setHeader("Access-Control-Allow-Origin", "*");
         response.setHeader("Access-Control-Allow-Methods", "HEAD, PUT, POST, GET, OPTIONS, DELETE");
         response.setHeader("Access-Control-Max-Age", "3600");
         response.setHeader(
                 "Access-Control-Allow-Headers",
-                "Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
+                String.join(
+                        ",",
+                        List.of(
+                                "Access-Control-Allow-Headers",
+                                "Origin",
+                                "Accept",
+                                "X-Requested-With",
+                                "Authorization",
+                                "Content-Type",
+                                "Access-Control-Request-Method",
+                                "Access-Control-Request-Headers")));
+    }
+
+    @Override
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+            throws IOException, ServletException {
+        final HttpServletResponse response = (HttpServletResponse) res;
+
+        setCORSHeaders(response);
+
         chain.doFilter(req, res);
     }
 
diff --git a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/JWTAuthenticationEntryPoint.java b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/JWTAuthenticationEntryPoint.java
index 7dfc16d..5c91217 100644
--- a/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/JWTAuthenticationEntryPoint.java
+++ b/src/main/java/ch/usi/inf/sa4/sanmarinoes/smarthut/config/JWTAuthenticationEntryPoint.java
@@ -16,6 +16,10 @@ public class JWTAuthenticationEntryPoint implements AuthenticationEntryPoint {
             HttpServletResponse response,
             AuthenticationException authException)
             throws IOException {
-        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
+        if (!"OPTIONS".equals(request.getMethod())) {
+            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
+        } else {
+            CORSFilter.setCORSHeaders(response);
+        }
     }
 }