feat: allow more customization of cors

Also the default cors allowed origins is now "*" Users must override to narrow the origins : eg : jelu: cors: allowed-origins: - https://jelu.domain1.org - https://jelu.domain2.com
bayang · Apr 29, 2022 · 19e0a58 · 19e0a58
1 parent 3ba6e2d
commit 19e0a58
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/main/kotlin/io/github/bayang/jelu/config/GlobalConfig.kt b/src/main/kotlin/io/github/bayang/jelu/config/GlobalConfig.kt
@@ -40,7 +40,7 @@ class GlobalConfig {
             registerCorsConfiguration(
                 "/**",
                 CorsConfiguration().applyPermitDefaultValues().apply {
-                    allowedOrigins = if (jeluProperties.cors.allowedOrigins.isNullOrEmpty()) null else jeluProperties.cors.allowedOrigins
+                    allowedOriginPatterns = if (jeluProperties.cors.allowedOrigins.isNullOrEmpty()) listOf("*") else jeluProperties.cors.allowedOrigins
                     allowedMethods = HttpMethod.values().map { it.name }
                     allowCredentials = true
                     addExposedHeader(HttpHeaders.CONTENT_DISPOSITION)