Setup Cros configuration to allow between railway and spring requests (…

…#85)
LauroSilveira · Dec 20, 2023 · 96fc105 · 96fc105
1 parent a094ecc
commit 96fc105
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java b/src/main/java/com/alura/aluraflixapi/infraestructure/security/SecurityConfigurations.java
@@ -39,7 +39,7 @@ public class SecurityConfigurations {
   @Bean
   public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
     //disable cross site request forgery
-    return http.csrf(AbstractHttpConfigurer::disable)
+    return http.csrf(csrf -> csrf.ignoringRequestMatchers("/login/**") )
         //Disable Spring control and allow all endpoints
             .sessionManagement(managementConfigurer ->
                     managementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
@@ -55,19 +55,20 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
   }
 
 
-  /**
+/*  *//**
    * Configure Cross
    * @return CorsConfigurationSource
-   */
+   *//*
   @Bean
    public CorsConfigurationSource corsConfigurationSource() {
     CorsConfiguration configuration = new CorsConfiguration();
-    configuration.setAllowedOrigins(List.of("https://alura-flix-api-production.up.railway.app"));
-    configuration.setAllowedMethods(Arrays.asList("GET","POST"));
+    configuration.setAllowedOrigins(List.of("*"));
+    configuration.setAllowedMethods(List.of("*"));
+    configuration.setAllowedHeaders(List.of("*"));
     UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
     source.registerCorsConfiguration("/**", configuration);
     return source;
-  }
+  }*/
 
 
   /**