Skip to content

Commit

Permalink
Merge pull request #10574 from cBioPortal/feature/Add-back-Cors
Browse files Browse the repository at this point in the history
🔒 Add Cors Config Back
  • Loading branch information
inodb authored Jan 26, 2024
2 parents 2f5087a + 92d5c35 commit cf8c945
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.GrantedAuthority;
Expand Down Expand Up @@ -43,6 +44,7 @@ public class OAuth2SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http, ClientRegistrationRepository clientRegistrationRepository) throws Exception {
http.csrf(AbstractHttpConfigurer::disable)
.cors(Customizer.withDefaults())
.authorizeHttpRequests(authorize ->
authorize
.requestMatchers("/api/health", LOGIN_URL, "/images/**").permitAll()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
Expand All @@ -25,6 +26,7 @@ public SecurityFilterChain optionalOAuth2filterChain(HttpSecurity http) throws E
.authorizeHttpRequests(auth -> auth
.requestMatchers("/").permitAll()
.anyRequest().permitAll())
.cors(Customizer.withDefaults())
.csrf(AbstractHttpConfigurer::disable)
.logout(logout -> logout.logoutSuccessUrl("/"))
.build();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
Expand Down Expand Up @@ -43,6 +44,7 @@ public class Saml2SecurityConfig {
@Bean
public SecurityFilterChain samlFilterChain(HttpSecurity http, RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) throws Exception {
return http.csrf(AbstractHttpConfigurer::disable)
.cors(Customizer.withDefaults())
.authorizeHttpRequests(auth ->
auth.requestMatchers("/api/health", "/images/**", "/js/**", "/login").permitAll()
.anyRequest().authenticated())
Expand Down

0 comments on commit cf8c945

Please sign in to comment.