From bab1d50fc84ad0274e3401acb2079b392de39113 Mon Sep 17 00:00:00 2001
From: Lauro Correia Silveira <lauro.silveira@outlook.com.br>
Date: Wed, 20 Dec 2023 09:23:10 +0100
Subject: [PATCH 1/3] Setup Cros configuration to allow between railway and
 spring requests (#85)

---
 .../infraestructure/security/SecurityConfigurations.java        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java
index 28641fb..95fd5f2 100644
--- a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java
+++ b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java
@@ -62,7 +62,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
   @Bean
    public CorsConfigurationSource corsConfigurationSource() {
     CorsConfiguration configuration = new CorsConfiguration();
-    configuration.setAllowedOrigins(List.of("https://alura-flix-api-production.up.railway.app"));
+    configuration.setAllowedOrigins(List.of("http://alura-flix-api-production.up.railway.app"));
     configuration.setAllowedMethods(Arrays.asList("GET","POST"));
     UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
     source.registerCorsConfiguration("/**", configuration);

From 59fc28d88e8d1ea07819f03662342f4b0adc28c8 Mon Sep 17 00:00:00 2001
From: Lauro Correia Silveira <lauro.silveira@outlook.com.br>
Date: Wed, 20 Dec 2023 09:48:19 +0100
Subject: [PATCH 2/3] Setup Cros configuration to allow between railway and
 spring requests (#85) (#86)

---
 .../infraestructure/security/SecurityConfigurations.java     | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java
index 95fd5f2..c025722 100644
--- a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java
+++ b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java
@@ -62,8 +62,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
   @Bean
    public CorsConfigurationSource corsConfigurationSource() {
     CorsConfiguration configuration = new CorsConfiguration();
-    configuration.setAllowedOrigins(List.of("http://alura-flix-api-production.up.railway.app"));
-    configuration.setAllowedMethods(Arrays.asList("GET","POST"));
+    configuration.setAllowedOrigins(List.of("*"));
+    configuration.setAllowedMethods(List.of("*"));
+    configuration.setAllowedHeaders(List.of("*"));
     UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
     source.registerCorsConfiguration("/**", configuration);
     return source;

From d758e655eea6d73afe247879a9e1da15873b41b9 Mon Sep 17 00:00:00 2001
From: Lauro Correia Silveira <lauro.silveira@outlook.com.br>
Date: Wed, 20 Dec 2023 10:10:26 +0100
Subject: [PATCH 3/3] Setup Cros configuration to allow between railway and
 spring requests (#85) (#87)

---
 .../infraestructure/security/SecurityConfigurations.java  | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java
index c025722..632ce86 100644
--- a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java
+++ b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java
@@ -39,7 +39,7 @@ public class SecurityConfigurations {
   @Bean
   public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
     //disable cross site request forgery
-    return http.csrf(AbstractHttpConfigurer::disable)
+    return http.csrf(csrf -> csrf.ignoringRequestMatchers("/login/**") )
         //Disable Spring control and allow all endpoints
             .sessionManagement(managementConfigurer ->
                     managementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
@@ -55,10 +55,10 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
   }
 
 
-  /**
+/*  *//**
    * Configure Cross
    * @return CorsConfigurationSource
-   */
+   *//*
   @Bean
    public CorsConfigurationSource corsConfigurationSource() {
     CorsConfiguration configuration = new CorsConfiguration();
@@ -68,7 +68,7 @@ public CorsConfigurationSource corsConfigurationSource() {
     UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
     source.registerCorsConfiguration("/**", configuration);
     return source;
-  }
+  }*/
 
 
   /**