From 6f44399bfe5f8a963d038eefcaab9dd857293a4b Mon Sep 17 00:00:00 2001 From: Vladimir Fokin <115186975+scobca@users.noreply.github.com> Date: Sun, 7 Sep 2025 00:07:49 +0300 Subject: [PATCH 1/4] build(core): updated application.yaml Added frontend hosts values --- src/main/resources/application.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index f668e0e..0de3a09 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -8,6 +8,9 @@ services: events-service: ${EVENTS_SERVICE_URI} mail-service: ${MAIL_SERVICE_URI} file-service: ${FILE_SERVICE_URI} + frontend: + local: ${LOCAL_HOST} + production: ${PRODUCTION_HOST} server: port: 8080 \ No newline at end of file From 4380b8f3b3bcf5db26cf565c13f2fe71ea2cca0f Mon Sep 17 00:00:00 2001 From: Vladimir Fokin <115186975+scobca@users.noreply.github.com> Date: Sun, 7 Sep 2025 00:25:17 +0300 Subject: [PATCH 2/4] build(core): CORS policy Created configuration class with CORS setup --- .../apientrypoint/config/CorsConfig.kt | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 src/main/kotlin/org/careerseekers/apientrypoint/config/CorsConfig.kt diff --git a/src/main/kotlin/org/careerseekers/apientrypoint/config/CorsConfig.kt b/src/main/kotlin/org/careerseekers/apientrypoint/config/CorsConfig.kt new file mode 100644 index 0000000..e658d37 --- /dev/null +++ b/src/main/kotlin/org/careerseekers/apientrypoint/config/CorsConfig.kt @@ -0,0 +1,35 @@ +package org.careerseekers.apientrypoint.config + +import org.springframework.beans.factory.annotation.Value +import org.springframework.context.annotation.Bean +import org.springframework.context.annotation.Configuration +import org.springframework.web.cors.CorsConfiguration +import org.springframework.web.cors.reactive.CorsWebFilter +import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource + + +@Configuration +class CorsConfig { + + @Value("\${services.frontend.local}") + private lateinit var frontendLocalHost: String + + @Value("\${services.frontend.production}") + private lateinit var frontendProductionHost: String + + @Bean + fun corsWebFilter(): CorsWebFilter { + val corsConfig = CorsConfiguration().apply { + addAllowedOrigin(frontendLocalHost) + addAllowedOrigin(frontendProductionHost) + allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "OPTIONS") + allowedHeaders = listOf("*") + allowCredentials = true + } + + val source = UrlBasedCorsConfigurationSource() + source.registerCorsConfiguration("/**", corsConfig) + + return CorsWebFilter(source) + } +} \ No newline at end of file From a9d33beebf52a20af300ac360bf40116ce8b1936 Mon Sep 17 00:00:00 2001 From: Vladimir Fokin <115186975+scobca@users.noreply.github.com> Date: Sun, 7 Sep 2025 00:29:46 +0300 Subject: [PATCH 3/4] fix(core): updated cors policy Updated list of request headers --- .../kotlin/org/careerseekers/apientrypoint/config/CorsConfig.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/kotlin/org/careerseekers/apientrypoint/config/CorsConfig.kt b/src/main/kotlin/org/careerseekers/apientrypoint/config/CorsConfig.kt index e658d37..708516b 100644 --- a/src/main/kotlin/org/careerseekers/apientrypoint/config/CorsConfig.kt +++ b/src/main/kotlin/org/careerseekers/apientrypoint/config/CorsConfig.kt @@ -23,7 +23,7 @@ class CorsConfig { addAllowedOrigin(frontendLocalHost) addAllowedOrigin(frontendProductionHost) allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "OPTIONS") - allowedHeaders = listOf("*") + allowedHeaders = listOf("Content-Type", "Authorization", "Accept", "Origin", "X-Requested-With") allowCredentials = true } From d39ea3adc20140762d0a9d2272b86ec858291227 Mon Sep 17 00:00:00 2001 From: Vladimir Fokin <115186975+scobca@users.noreply.github.com> Date: Sun, 7 Sep 2025 00:36:08 +0300 Subject: [PATCH 4/4] feat(core): added host patterns --- .../org/careerseekers/apientrypoint/config/CorsConfig.kt | 5 +++++ src/main/resources/application.yaml | 1 + 2 files changed, 6 insertions(+) diff --git a/src/main/kotlin/org/careerseekers/apientrypoint/config/CorsConfig.kt b/src/main/kotlin/org/careerseekers/apientrypoint/config/CorsConfig.kt index 708516b..ffa9ae1 100644 --- a/src/main/kotlin/org/careerseekers/apientrypoint/config/CorsConfig.kt +++ b/src/main/kotlin/org/careerseekers/apientrypoint/config/CorsConfig.kt @@ -17,11 +17,16 @@ class CorsConfig { @Value("\${services.frontend.production}") private lateinit var frontendProductionHost: String + @Value("\${services.frontend.productionPattern}") + private lateinit var frontendProductionHostPattern: String + @Bean fun corsWebFilter(): CorsWebFilter { val corsConfig = CorsConfiguration().apply { addAllowedOrigin(frontendLocalHost) addAllowedOrigin(frontendProductionHost) + addAllowedOriginPattern(frontendProductionHostPattern) + allowedMethods = listOf("GET", "POST", "PUT", "DELETE", "OPTIONS") allowedHeaders = listOf("Content-Type", "Authorization", "Accept", "Origin", "X-Requested-With") allowCredentials = true diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 0de3a09..a67c817 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -11,6 +11,7 @@ services: frontend: local: ${LOCAL_HOST} production: ${PRODUCTION_HOST} + productionPattern: ${PRODUCTION_HOST_PATTERN} server: port: 8080 \ No newline at end of file