diff --git a/src/main/java/com/sellbycar/marketplace/config/SecurityConfig.java b/src/main/java/com/sellbycar/marketplace/config/SecurityConfig.java index 7aa33f1..cefc295 100644 --- a/src/main/java/com/sellbycar/marketplace/config/SecurityConfig.java +++ b/src/main/java/com/sellbycar/marketplace/config/SecurityConfig.java @@ -4,8 +4,10 @@ import com.sellbycar.marketplace.auth.AuthTokenFilter; import com.sellbycar.marketplace.user.UserDetailsServiceImpl; import lombok.RequiredArgsConstructor; +import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.core.Ordered; import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.dao.DaoAuthenticationProvider; @@ -19,6 +21,9 @@ import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; +import org.springframework.web.filter.CorsFilter; @Configuration @EnableWebSecurity @@ -100,4 +105,19 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { return http.build(); } + + @Bean + public FilterRegistrationBean processCorsFilter() { + final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + final CorsConfiguration config = new CorsConfiguration(); + config.setAllowCredentials(true); + config.addAllowedOrigin("'"); + config.addAllowedHeader("*"); + config.addAllowedMethod("*"); + source.registerCorsConfiguration("/**", config); + + final FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source)); + bean.setOrder(Ordered.HIGHEST_PRECEDENCE); + return bean; + } }