vincentguillet/gameovergne-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'dev'

Browse Source
This commit is contained in:
Vincent Guillet
2025-12-05 15:14:50 +01:00
parent cefb3c54c3 3eed3d251f
commit fd538f376f
1 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
api/src/main/java/fr/gameovergne/api/config/SecurityConfig.java
View File

@@ -61,17 +61,26 @@ public class SecurityConfig {
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration config = new CorsConfiguration();
config.setAllowedOriginPatterns(Arrays.asList(
// IMPORTANT : origins explicites, sans path
config.setAllowedOrigins(Arrays.asList(
"http://localhost:4200",
"http://127.0.0.1:4200",
"https://dev.vincent-guillet.fr",
"https://projets.vincent-guillet.fr"
));
config.setAllowedMethods(Arrays.asList("GET","POST","PUT","DELETE","OPTIONS"));
config.setAllowedHeaders(Arrays.asList("Authorization","Content-Type","Accept"));
config.setExposedHeaders(Arrays.asList("Authorization"));
config.setAllowCredentials(true);
// Autoriser tous les headers côté requête (plus robuste)
config.setAllowedHeaders(Arrays.asList("*"));
// Autoriser les méthodes classiques
config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
// Headers que le client *voit* dans la réponse
config.setExposedHeaders(Arrays.asList("Authorization", "Content-Type"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", config);
return source;