fix: Cors error on staging (#437)

ls1intum · Feb 24, 2025 · 70a059e · 70a059e
1 parent c009a02
commit 70a059e
Showing 1 changed file with 30 additions and 5 deletions.
diff --git a/server/application-server/src/main/java/de/tum/cit/aet/helios/config/SecurityConfig.java b/server/application-server/src/main/java/de/tum/cit/aet/helios/config/SecurityConfig.java
@@ -42,7 +42,8 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         .csrf(AbstractHttpConfigurer::disable) // Disable CSRF
         .authorizeHttpRequests(
             auth -> {
-              auth.requestMatchers(HttpMethod.GET, "/api/**")
+              auth.requestMatchers(HttpMethod.GET,
+                      "/api/**")
                   .permitAll()
                   .requestMatchers(
                       "/auth/**",
@@ -76,14 +77,18 @@ public WebSecurityCustomizer webSecurityCustomizer() {
     return (web) ->
         web.ignoring()
             .requestMatchers(
-                "/v3/api-docs/**", "/v3/api-docs.yaml", "/swagger-ui/**", "/swagger-ui.html");
+                "/v3/api-docs/**",
+                "/v3/api-docs.yaml",
+                "/swagger-ui/**",
+                "/swagger-ui.html");
   }
 
   @Bean
   public WebMvcConfigurer corsConfigurer() {
 
     return new WebMvcConfigurer() {
-      @Autowired private RepositoryInterceptor requestInterceptor;
+      @Autowired
+      private RepositoryInterceptor requestInterceptor;
 
       @Override
       public void addInterceptors(@NonNull InterceptorRegistry registry) {
@@ -97,7 +102,23 @@ public void addCorsMappings(@NotNull CorsRegistry registry) {
           registry
               .addMapping("/api/**")
               .allowedOrigins("https://helios.aet.cit.tum.de")
-              .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+              .allowedMethods("GET",
+                  "POST",
+                  "PUT",
+                  "DELETE",
+                  "OPTIONS")
+              .allowedHeaders("*")
+              .allowCredentials(true);
+        } else if (environment.matchesProfiles("staging")) {
+          // Allow staging domain
+          registry
+              .addMapping("/api/**")
+              .allowedOrigins("https://helios-staging.aet.cit.tum.de")
+              .allowedMethods("GET",
+                  "POST",
+                  "PUT",
+                  "DELETE",
+                  "OPTIONS")
               .allowedHeaders("*")
               .allowCredentials(true);
         } else {
@@ -110,7 +131,11 @@ public void addCorsMappings(@NotNull CorsRegistry registry) {
                   "http://localhost:*",
                   "http://127.0.0.1",
                   "http://127.0.0.1:*")
-              .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+              .allowedMethods("GET",
+                  "POST",
+                  "PUT",
+                  "DELETE",
+                  "OPTIONS")
               .allowedHeaders("*")
               .allowCredentials(true);
         }