spring-data-rest icon indicating copy to clipboard operation
spring-data-rest copied to clipboard

Does CORS configuration in Spring Security override CORS configuration in RepositoryRestConfigurer?

Open gd08xxx opened this issue 3 years ago • 0 comments

I added CORS configuration in Spring Security like this:

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
class AppWebSecurityConfigurerAdapter : WebSecurityConfigurerAdapter() {

    override fun configure(http: HttpSecurity?) {
        http {
            csrf {
                disable()
            }
            cors {}
            sessionManagement {
                sessionCreationPolicy = SessionCreationPolicy.STATELESS
            }
            addFilterAt<UsernamePasswordAuthenticationFilter>(
                JwtUsernameAndPasswordAuthenticationFilter(
                    authenticationManager(),
                    jwtConfiguration,
                    secretKey,
                    repository
                )
            ) 
            authorizeRequests {
                authorize(anyRequest, permitAll)
            }
        }
    } 
 
    @Bean
    fun corsConfigurationSource(): CorsConfigurationSource {
        val configuration = CorsConfiguration().apply {
            allowedOriginPatterns = listOf("http://localhost:[*]")
            allowedMethods = listOf("*")
            allowedHeaders = listOf("*")
            exposedHeaders = listOf("*")
            maxAge = 1800L
            allowCredentials = true
        }
        return UrlBasedCorsConfigurationSource().apply {
            registerCorsConfiguration("/**", configuration)
        }
    }
}

and CORS in RepositoryRestConfigurer like this

@Component
class AppRepositoryRestConfigurer : RepositoryRestConfigurer {
    override fun configureRepositoryRestConfiguration(config: RepositoryRestConfiguration?, cors: CorsRegistry?) {
        cors?.addMapping("/**")?.allowedOriginPatterns("http://localhost:[*]")?.allowedHeaders("GET", "POST", "DELETE")
    }
}

What is the final CORS configuration?

gd08xxx avatar Jun 27 '22 10:06 gd08xxx