RHPAM-4111: Use allowedOriginPatterns() to fix CORS configuration

`Access-Control-Allow-Origin: *` is not allowed when `Access-Control-Allow-Credentials: true`. Spring introduced allowedOriginPatterns() in 5.3.2. If any of the patterns matches the origin of the _request_, the it is used as a value of `Access-Control-Allow-Origin` in the response. For context, see spring-projects/spring-framework#26111.
kiegroup · Jan 26, 2022 · 42e85f9 · 42e85f9
1 parent 1fe6aec
commit 42e85f9
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/...ng-backend/src/main/java/org/optaweb/vehiclerouting/plugin/websocket/WebSocketConfig.java b/...ng-backend/src/main/java/org/optaweb/vehiclerouting/plugin/websocket/WebSocketConfig.java
@@ -18,6 +18,7 @@
 
 import org.springframework.context.annotation.Configuration;
 import org.springframework.messaging.simp.config.MessageBrokerRegistry;
+import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
 import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
 import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
@@ -39,7 +40,7 @@ public void registerStompEndpoints(StompEndpointRegistry registry) {
         // for the WebSocket handshake.
         registry
                 .addEndpoint("/vrp-websocket")
-                .setAllowedOrigins("*")
+                .setAllowedOriginPatterns(CorsConfiguration.ALL)
                 .withSockJS();
     }