Test Spring-only config.

samie · Jul 26, 2024 · 98011b9 · 98011b9
1 parent 9bfb790
commit 98011b9
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 76 deletions.
diff --git a/src/main/java/com/example/application/Application.java b/src/main/java/com/example/application/Application.java
@@ -2,8 +2,25 @@
 
 import com.vaadin.flow.component.page.AppShellConfigurator;
 import com.vaadin.flow.theme.Theme;
+import jakarta.servlet.Filter;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import org.apache.tomcat.util.http.Rfc6265CookieProcessor;
+import org.apache.tomcat.util.http.SameSiteCookies;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.web.embedded.tomcat.TomcatContextCustomizer;
+import org.springframework.boot.web.servlet.server.CookieSameSiteSupplier;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.Arrays;
 
 /**
  * The entry point of the Spring Boot application.
@@ -13,10 +30,40 @@
  *
  */
 @SpringBootApplication
+@CrossOrigin(origins = "https://samie.github.io", maxAge = 3600)
 public class Application implements AppShellConfigurator {
 
     public static void main(String[] args) {
         SpringApplication.run(Application.class, args);
     }
 
+    @Bean
+    public TomcatContextCustomizer sessionCookieConfigForCors() {
+        return context -> {
+            final Rfc6265CookieProcessor cookieProcessor = new Rfc6265CookieProcessor() {
+                @Override
+                public String generateHeader(Cookie cookie, HttpServletRequest request) {
+
+                    // Needs to be secure
+                    if (cookie.getName().startsWith("JSESSIONID")) {
+                        cookie.setSecure(true);
+                        cookie.setAttribute("SameSite", SameSiteCookies.NONE.getValue());
+                    }
+                    return super.generateHeader(cookie, request);
+                }
+            };
+            context.setCookieProcessor(cookieProcessor);
+        };
+    }
+
+    @Bean
+    CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOrigins(Arrays.asList("https://samie.github.io"));
+        configuration.setAllowedMethods(Arrays.asList("GET", "POST"));
+        configuration.setAllowedHeaders(Arrays.asList("*"));
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+        return source;
+    }
 }
diff --git a/src/main/java/com/example/application/CORSFilter.java b/src/main/java/com/example/application/CORSFilter.java