Skip to content

Fix/cors policy#2

Merged
scobca merged 4 commits intomainfrom
fix/cors-policy
Sep 6, 2025
Merged

Fix/cors policy#2
scobca merged 4 commits intomainfrom
fix/cors-policy

Conversation

@scobca
Copy link
Copy Markdown
Member

@scobca scobca commented Sep 6, 2025

Closes #1

@scobca
build(core): updated application.yaml
6f44399 
Added frontend hosts values
@scobca
build(core): CORS policy
4380b8f 
Created configuration class with CORS setup
@scobca scobca requested a review from Copilot September 6, 2025 21:25
@scobca scobca self-assigned this Sep 6, 2025
@scobca scobca added the enhancement New feature or request label Sep 6, 2025

This comment was marked as outdated.

Sign in to view

@github-actions
Copy link
Copy Markdown

github-actions bot commented Sep 6, 2025
edited
Loading

Qodana Community for JVM

It seems all right 👌

No new problems were found according to the checks applied

☁️ View the detailed Qodana report

Contact Qodana team

Contact us at qodana-support@jetbrains.com

@scobca
fix(core): updated cors policy
a9d33be 
Updated list of request headers
@scobca scobca requested a review from Copilot September 6, 2025 21:30
Copilot AI reviewed Sep 6, 2025
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements CORS (Cross-Origin Resource Sharing) configuration to fix CORS policy issues. It adds frontend host configuration and creates a dedicated CORS configuration class to allow cross-origin requests from specified frontend origins.

  • Adds frontend host configuration to application.yaml for local and production environments
  • Creates CorsConfig class with proper CORS policy configuration including allowed origins, methods, headers, and credentials

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
src/main/resources/application.yaml Adds frontend host configuration for local and production environments
src/main/kotlin/org/careerseekers/apientrypoint/config/CorsConfig.kt Creates CORS configuration bean with allowed origins, methods, headers, and credentials support

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

src/main/kotlin/org/careerseekers/apientrypoint/config/CorsConfig.kt
Comment on lines +23 to +24
addAllowedOrigin(frontendLocalHost)
addAllowedOrigin(frontendProductionHost)
Copy link

Copilot AI Sep 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using addAllowedOrigin() with dynamic origins can be a security risk if the environment variables contain wildcard values like '*'. Consider using addAllowedOriginPattern() for better control or validate that the origins are specific URLs.

Suggested change
addAllowedOrigin(frontendLocalHost)
addAllowedOrigin(frontendProductionHost)
addAllowedOriginPattern(frontendLocalHost)
addAllowedOriginPattern(frontendProductionHost)

Copilot uses AI. Check for mistakes.
@scobca scobca merged commit 2574930 into main Sep 6, 2025
1 check passed
@scobca scobca deleted the fix/cors-policy branch September 6, 2025 21:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@scobca scobca

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

fix | update CORS policy

2 participants

@scobca