From 19e0a5885f9804e8667dbab1472e4df6d24102bd Mon Sep 17 00:00:00 2001
From: bayang <wabayang@gmail.com>
Date: Fri, 29 Apr 2022 22:08:17 +0200
Subject: [PATCH] feat: allow more customization of cors

Also the default cors allowed origins is now "*"
Users must override to narrow the origins :

eg :
jelu:
  cors:
    allowed-origins:
      - https://jelu.domain1.org
      - https://jelu.domain2.com
---
 src/main/kotlin/io/github/bayang/jelu/config/GlobalConfig.kt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/kotlin/io/github/bayang/jelu/config/GlobalConfig.kt b/src/main/kotlin/io/github/bayang/jelu/config/GlobalConfig.kt
index f4ce63bd..2ea1500f 100644
--- a/src/main/kotlin/io/github/bayang/jelu/config/GlobalConfig.kt
+++ b/src/main/kotlin/io/github/bayang/jelu/config/GlobalConfig.kt
@@ -40,7 +40,7 @@ class GlobalConfig {
             registerCorsConfiguration(
                 "/**",
                 CorsConfiguration().applyPermitDefaultValues().apply {
-                    allowedOrigins = if (jeluProperties.cors.allowedOrigins.isNullOrEmpty()) null else jeluProperties.cors.allowedOrigins
+                    allowedOriginPatterns = if (jeluProperties.cors.allowedOrigins.isNullOrEmpty()) listOf("*") else jeluProperties.cors.allowedOrigins
                     allowedMethods = HttpMethod.values().map { it.name }
                     allowCredentials = true
                     addExposedHeader(HttpHeaders.CONTENT_DISPOSITION)