diff --git a/pom.xml b/pom.xml
index 5744dc1..862aa65 100644
--- a/pom.xml
+++ b/pom.xml
@@ -73,6 +73,18 @@
jakarta.validation-api
2.0.2
+
+
+ org.springframework.security
+ spring-security-web
+ 6.1.5
+
+
+
+ org.springframework.security
+ spring-security-web
+ 6.1.5
+
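Review bot: The added block declares `org.springframework.security:spring-security-web` at `6.1.5` twice, with both entries identical, so one of them should be dropped. Maven reports duplicate declarations, and a later edit to only one copy would leave the effective version unclear. If the project inherits dependency management from a parent or BOM (not visible in this hunk), consider omitting the explicit version so security patch releases arrive with the managed set instead of staying pinned here.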
diff --git a/src/main/java/com/faf223/expensetrackerfaf/config/CorsConfig.java b/src/main/java/com/faf223/expensetrackerfaf/config/CorsConfig.java
index 458f2ff..c98ccdf 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/config/CorsConfig.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/config/CorsConfig.java
@@ -9,6 +9,6 @@ public class CorsConfig implements WebMvcConfigurer {
@Override
public void addCorsMappings(CorsRegistry registry) {
- registry.addMapping("/**").allowedMethods("*");
+ registry.addMapping("/**").allowedMethods("HEAD", "GET", "PUT", "POST", "DELETE", "PATCH").allowedOrigins("http://localhost:5173/");
}
}
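Review bot: The allowed origin in `addCorsMappings` is hard-coded to a development host and written with a trailing slash, `http://localhost:5173/`. Browsers send `Origin` without a path, so unless the framework version in use normalises the trailing slash the comparison can fail; write it as `allowedOrigins("http://localhost:5173")`. The list would be better read from configuration (for example a property such as `app.cors.allowed-origins`, a placeholder name) so a production build does not ship with a localhost origin. This restricted policy also only takes effect if nothing earlier in the chain has already set `Access-Control-Allow-Origin`, which the `CorsFilter` added in this commit does.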
diff --git a/src/main/java/com/faf223/expensetrackerfaf/config/CorsFilter.java b/src/main/java/com/faf223/expensetrackerfaf/config/CorsFilter.java
index 59acdc8..bb34047 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/config/CorsFilter.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/config/CorsFilter.java
@@ -1,2 +1,39 @@
-package com.faf223.expensetrackerfaf.config;public class CorsFilter {
-}
+package com.faf223.expensetrackerfaf.config;
+
+import jakarta.servlet.*;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+
+@Component
+@Order(Ordered.HIGHEST_PRECEDENCE)
+public class CorsFilter implements Filter {
+
+ @Override
+ public void destroy() {
+ }
+
+
+ @Override
+ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+ HttpServletResponse response = (HttpServletResponse) servletResponse;
+ response.setHeader("Access-Control-Allow-Origin", "*");
+ response.setHeader("Access-Control-Allow-Credentials", "true");
+ response.setHeader("Access-Control-Allow-Methods", "POST, GET, HEAD, OPTIONS");
+ response.setHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
+ if ("OPTIONS".equalsIgnoreCase(((HttpServletRequest) servletRequest).getMethod())) {
+ response.setStatus(HttpServletResponse.SC_OK);
+ } else {
+ filterChain.doFilter(servletRequest, response);
+ }
+
+ }
+
+ @Override
+ public void init(FilterConfig config) {
+ }
+}
\ No newline at end of file
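Review bot: `doFilter` sends `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true` on every response; browsers refuse that combination for credentialed requests, and the common workaround of reflecting any origin would let any site read authenticated responses. Because the filter runs at `Ordered.HIGHEST_PRECEDENCE`, its headers are written before the allow-list in `CorsConfig` is consulted, and the two policies already disagree (no PUT, DELETE or PATCH here, and no `Authorization` in the allowed headers, which a token-based API would probably need). Prefer deleting this filter and keeping a single policy; if it stays, echo the origin only when it is on an allow-list and add `Vary: Origin`, as sketched below. The sketch needs a `java.util.Set` import and uses the origin from `CorsConfig` as its only entry.

```java
    private static final Set<String> ALLOWED_ORIGINS = Set.of("http://localhost:5173");

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String origin = request.getHeader("Origin");
        // Caches must not reuse a response across different origins.
        response.addHeader("Vary", "Origin");
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Credentials", "true");
        }
        // … unchanged: Allow-Methods / Allow-Headers, OPTIONS short-circuit, filterChain.doFilter …
```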
diff --git a/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java b/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
index 7343ab9..5fb1804 100644
--- a/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
+++ b/src/main/java/com/faf223/expensetrackerfaf/config/SecurityConfiguration.java
@@ -1,27 +1,21 @@
package com.faf223.expensetrackerfaf.config;
import lombok.RequiredArgsConstructor;
-import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
-import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
-import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
-import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
-import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
-import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
@Configuration
@EnableWebSecurity
@@ -35,6 +29,7 @@ public class SecurityConfiguration {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
+ .cors(new CorsConfig())
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(auth -> auth
.requestMatchers("/api/v1/auth/**").permitAll()
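Review bot: `.cors(new CorsConfig())` passes a `WebMvcConfigurer` (per the `CorsConfig` class header shown in this commit) where `HttpSecurity.cors` expects a `Customizer<CorsConfigurer<HttpSecurity>>`, so this line should not compile as written. The commit also adds imports for `CorsConfiguration`, `CorsConfigurationSource`, `UrlBasedCorsConfigurationSource` and `Arrays`, but no use of them is visible in these hunks. Presumably the intent is a `CorsConfigurationSource` bean wired as `.cors(c -> c.configurationSource(corsConfigurationSource()))` (the bean method name is a placeholder), which would also give the security chain and MVC one shared origin allow-list. `securityFilterChain` continues past the end of the hunk.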