@@ -42,6 +42,7 @@ public class HapiProperties {
|
||||
static final String TESTER_CONFIG_REFUSE_TO_FETCH_THIRD_PARTY_URLS = "tester.config.refuse_to_fetch_third_party_urls";
|
||||
static final String CORS_ENABLED = "cors.enabled";
|
||||
static final String CORS_ALLOWED_ORIGIN = "cors.allowed_origin";
|
||||
static final String CORS_ALLOW_CREDENTIALS = "cors.allowCredentials";
|
||||
static final String ALLOW_CONTAINS_SEARCHES = "allow_contains_searches";
|
||||
static final String ALLOW_OVERRIDE_DEFAULT_SEARCH_PARAMS = "allow_override_default_search_params";
|
||||
static final String EMAIL_FROM = "email.from";
|
||||
@@ -323,4 +324,8 @@ public class HapiProperties {
|
||||
String value = HapiProperties.getProperty(REUSE_CACHED_SEARCH_RESULTS_MILLIS, "-1");
|
||||
return Long.valueOf(value);
|
||||
}
|
||||
|
||||
public static Boolean getCorsAllowedCredentials() {
|
||||
return HapiProperties.getBooleanProperty(CORS_ALLOW_CREDENTIALS, false);
|
||||
}
|
||||
}
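Review bot: The new key `cors.allowCredentials` is camelCase in a block where every other key is snake_case (`cors.allowed_origin`, `allow_contains_searches`), and the getter is `getCorsAllowedCredentials` while the constant is `CORS_ALLOW_CREDENTIALS`. Using `cors.allow_credentials` and `getCorsAllowCredentials` would keep the three names aligned and make the key harder to mistype in a properties file. The getter also has no Javadoc; a short comment stating that it defaults to false, and that true only makes sense with an explicit `cors.allowed_origin` list, would put the constraint where operators look. The class body continues outside both hunks.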
|
||||
|
||||
@@ -28,6 +28,7 @@ import ca.uhn.fhir.rest.server.interceptor.ResponseHighlighterInterceptor;
|
||||
import org.hl7.fhir.dstu3.model.Bundle;
|
||||
import org.hl7.fhir.dstu3.model.Meta;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.web.cors.CorsConfiguration;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
@@ -185,18 +186,25 @@ public class JpaRestfulServer extends RestfulServer {
|
||||
// to your specific needs
|
||||
if (HapiProperties.getCorsEnabled()) {
|
||||
CorsConfiguration config = new CorsConfiguration();
|
||||
config.addAllowedHeader(HttpHeaders.ORIGIN);
|
||||
config.addAllowedHeader(HttpHeaders.ACCEPT);
|
||||
config.addAllowedHeader(HttpHeaders.CONTENT_TYPE);
|
||||
config.addAllowedHeader(HttpHeaders.AUTHORIZATION);
|
||||
config.addAllowedHeader(HttpHeaders.CACHE_CONTROL);
|
||||
config.addAllowedHeader("x-fhir-starter");
|
||||
config.addAllowedHeader("Origin");
|
||||
config.addAllowedHeader("Accept");
|
||||
config.addAllowedHeader("X-Requested-With");
|
||||
config.addAllowedHeader("Content-Type");
|
||||
config.addAllowedHeader("Prefer");
|
||||
|
||||
String allAllowedCORSOrigins = HapiProperties.getCorsAllowedOrigin();
|
||||
Arrays.stream(allAllowedCORSOrigins.split(",")).forEach(o -> {
|
||||
config.addAllowedOrigin(o);
|
||||
});
|
||||
config.addAllowedOrigin(HapiProperties.getCorsAllowedOrigin());
|
||||
|
||||
config.addExposedHeader("Location");
|
||||
config.addExposedHeader("Content-Location");
|
||||
config.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"));
|
||||
config.setAllowedMethods(
|
||||
Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "HEAD"));
|
||||
config.setAllowCredentials(HapiProperties.getCorsAllowedCredentials());
|
||||
|
||||
// Create the interceptor and register it
|
||||
CorsInterceptor interceptor = new CorsInterceptor(config);
|
||||
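Review bot: `config.setAllowCredentials(HapiProperties.getCorsAllowedCredentials())` is applied without checking the origin list, so the pair this commit's sample properties appear to ship (`cors.allowCredentials=true` with a `*` origin) goes straight into the CorsConfiguration. Depending on the Spring version on the classpath, that either echoes any caller's Origin back alongside `Access-Control-Allow-Credentials: true`, which exposes authenticated FHIR responses to every website the user visits, or is rejected with an exception when a CORS request is processed. I would refuse the wildcard when credentials are on and trim each entry after the split, since `a, b` currently registers ` b` with a leading space that can never match; the loop would become the version below. Both the unsplit `config.addAllowedOrigin(HapiProperties.getCorsAllowedOrigin())` call and the new stream are printed in this section, so confirm the unsplit call is really gone from the new side; the enclosing method begins and ends outside this hunk.

```java
// … unchanged: allowed headers …
boolean allowCredentials = Boolean.TRUE.equals(HapiProperties.getCorsAllowedCredentials());
Arrays.stream(HapiProperties.getCorsAllowedOrigin().split(","))
    .map(String::trim)
    .filter(o -> !o.isEmpty())
    .forEach(o -> {
      if (allowCredentials && "*".equals(o)) {
        // Credentialed CORS must name its origins; a wildcard would trust every site.
        throw new IllegalStateException(
            "cors.allowCredentials=true requires explicit cors.allowed_origin entries, not *");
      }
      config.addAllowedOrigin(o);
    });
// … unchanged: exposed headers, allowed methods …
config.setAllowCredentials(allowCredentials);
```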
|
||||
@@ -51,7 +51,10 @@ hibernate.search.default.indexBase=target/lucenefiles
|
||||
hibernate.search.lucene_version=LUCENE_CURRENT
|
||||
tester.config.refuse_to_fetch_third_party_urls=false
|
||||
cors.enabled=true
|
||||
cors.allowed_origin=*
|
||||
cors.allowCredentials=true
|
||||
# Supports multiple, comma separated allowed origin entries
|
||||
# cors.allowed_origin=http://localhost:8080,https://localhost:8080,https://fhirtest.uhn.ca
|
||||
cors.allow_origin=*
|
||||
|
||||
##################################################
|
||||
# Subscriptions
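Review bot: The live entry is spelled `cors.allow_origin=*`, but the constant in HapiProperties is `cors.allowed_origin` and the commented example directly above uses that spelling too. If `cors.allow_origin=*` is the new-side line, the value is never read and the server falls back to whatever default `getCorsAllowedOrigin()` has, which is not visible on this page. I would write the key as `cors.allowed_origin=` with the explicit origins the deployment needs, and ship `cors.allowCredentials=false` as the sample default so that credentialed CORS is an opt-in that comes with an origin list.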
|
||||
|
||||