webadmin/okaeri-timings
1
0
Fork 0
mirror of https://github.com/OkaeriPoland/okaeri-timings.git synced 2026-01-18 03:28:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix CORS config incorrectly allowing credentials

Browse Source
This commit is contained in:
Sandra
2022-01-28 20:24:11 +01:00
parent 0ae155cce7
commit 6030764f18
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/api/src/main/java/eu/okaeri/timings/api/security/SecurityConfig.java
View File

@@ -26,9 +26,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
public CorsFilter corsFilter() { public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration(); CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true); config.setAllowCredentials(false);
config.setAllowedOrigins(List.of("*")); config.setAllowedOrigins(List.of("*"));
config.setAllowedHeaders(Arrays.asList("Origin", "Content-Type", "Accept", "Authorization")); config.setAllowedHeaders(Arrays.asList("Origin", "Content-Type", "Accept"));
config.setAllowedMethods(List.of("*")); config.setAllowedMethods(List.of("*"));
source.registerCorsConfiguration("/**", config); source.registerCorsConfiguration("/**", config);
return new CorsFilter(source); return new CorsFilter(source);