
2 Commits

Author SHA1 Message Date
Vincent Guillet
fd538f376f Merge branch 'dev' 2025-12-05 15:14:50 +01:00
Vincent Guillet
3eed3d251f Refactor CORS configuration to use allowed origins and enhance header handling 2025-12-05 15:14:16 +01:00


@@ -61,17 +61,26 @@ public class SecurityConfig {
@Bean @Bean
public CorsConfigurationSource corsConfigurationSource() { public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration config = new CorsConfiguration(); CorsConfiguration config = new CorsConfiguration();
config.setAllowedOriginPatterns(Arrays.asList(
"http://localhost:4200", // IMPORTANT : origins explicites, sans path
"http://127.0.0.1:4200", config.setAllowedOrigins(Arrays.asList(
"https://dev.vincent-guillet.fr", "http://localhost:4200",
"https://projets.vincent-guillet.fr" "http://127.0.0.1:4200",
)); "https://dev.vincent-guillet.fr",
config.setAllowedMethods(Arrays.asList("GET","POST","PUT","DELETE","OPTIONS")); "https://projets.vincent-guillet.fr"
config.setAllowedHeaders(Arrays.asList("Authorization","Content-Type","Accept")); ));
config.setExposedHeaders(Arrays.asList("Authorization"));
config.setAllowCredentials(true); config.setAllowCredentials(true);
// Autoriser tous les headers côté requête (plus robuste)
config.setAllowedHeaders(Arrays.asList("*"));
// Autoriser les méthodes classiques
config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
// Headers que le client *voit* dans la réponse
config.setExposedHeaders(Arrays.asList("Authorization", "Content-Type"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", config); source.registerCorsConfiguration("/**", config);
return source; return source;
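Review bot: `config.setAllowedHeaders(Arrays.asList("*"))` sits next to `setAllowCredentials(true)`, so the header allow-list the old code enforced (`Authorization`, `Content-Type`, `Accept`) is gone for credentialed cross-origin requests. As far as I know, Spring answers a wildcard here by echoing back whatever headers the preflight asks for, so any request header is now accepted from the listed origins. I would keep an explicit list, `config.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type", "Accept"));`, and add only the extra headers the front end actually sends. The two `http://localhost:4200` / `http://127.0.0.1:4200` origins are also hard-coded alongside the production hosts with credentials enabled; reading the origin list from a per-environment property would keep them out of production. The method's closing brace is outside the hunk.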