|
|
@ -82,8 +82,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { |
|
|
|
public CorsConfigurationSource corsConfigurationSource() { |
|
|
|
public CorsConfigurationSource corsConfigurationSource() { |
|
|
|
CorsConfiguration configuration = new CorsConfiguration(); |
|
|
|
CorsConfiguration configuration = new CorsConfiguration(); |
|
|
|
configuration.setAllowedOrigins(Arrays.asList("*")); |
|
|
|
configuration.setAllowedOrigins(Arrays.asList("*")); |
|
|
|
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE","OPTIONS")); |
|
|
|
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")); |
|
|
|
configuration.setAllowedHeaders(Arrays.asList("x-timezone","Accept-Language","Accept","X-Requested-With", "Content-Type", "Authorization", "X-XSRF-token")); |
|
|
|
configuration.setAllowedHeaders(Arrays.asList("x-timezone", "Accept-Language", "Accept", "X-Requested-With", "Content-Type", "Authorization", "X-XSRF-token")); |
|
|
|
configuration.setAllowCredentials(false); |
|
|
|
configuration.setAllowCredentials(false); |
|
|
|
configuration.setMaxAge(3600L); |
|
|
|
configuration.setMaxAge(3600L); |
|
|
|
|
|
|
|
|
|
|
@ -112,8 +112,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { |
|
|
|
.cors(cors -> corsConfigurationSource()) |
|
|
|
.cors(cors -> corsConfigurationSource()) |
|
|
|
// dont authenticate this particular request
|
|
|
|
// dont authenticate this particular request
|
|
|
|
.authorizeRequests() |
|
|
|
.authorizeRequests() |
|
|
|
.antMatchers(HttpMethod.OPTIONS,"/api/**").permitAll() |
|
|
|
.antMatchers(HttpMethod.OPTIONS, "/api/**").permitAll() |
|
|
|
.antMatchers(HttpMethod.GET,"/ping").permitAll() |
|
|
|
.antMatchers(HttpMethod.GET, "/ping").permitAll() |
|
|
|
.antMatchers("/swagger-ui/**").permitAll() |
|
|
|
.antMatchers("/swagger-ui/**").permitAll() |
|
|
|
.antMatchers(PERMITTED_URL).permitAll() |
|
|
|
.antMatchers(PERMITTED_URL).permitAll() |
|
|
|
// all other requests need to be authenticated
|
|
|
|
// all other requests need to be authenticated
|
|
|
|