From 583c542c921f798322813ce1ecb52a595e51c2f9 Mon Sep 17 00:00:00 2001 From: patrick-werner Date: Wed, 31 Mar 2021 12:34:28 +0200 Subject: [PATCH] changed CORS to allowed origin pattern --- .../ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java | 2 +- src/main/resources/application.yaml | 11 +++++------ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/src/main/java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java b/src/main/java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java index 8154714..0333e71 100644 --- a/src/main/java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java +++ b/src/main/java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java @@ -280,7 +280,7 @@ public class BaseJpaRestfulServer extends RestfulServer { config.addAllowedHeader("X-Requested-With"); config.addAllowedHeader("Prefer"); List allAllowedCORSOrigins = appProperties.getCors().getAllowed_origin(); - allAllowedCORSOrigins.forEach(config::addAllowedOrigin); + allAllowedCORSOrigins.forEach(config::addAllowedOriginPattern); config.addExposedHeader("Location"); diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 6d685bd..015bc71 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -82,12 +82,11 @@ hapi: #partitioning: # allow_references_across_partitions: false # partitioning_include_in_search_hashes: false - #cors: - # allow_Credentials: true - # Supports multiple, comma separated allowed origin entries - # cors.allowed_origin=http://localhost:8080,https://localhost:8080,https://fhirtest.uhn.ca - # allowed_origin: - # - '*' + cors: + allow_Credentials: true + # These are allowed_origin patterns, see: https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/cors/CorsConfiguration.html#setAllowedOriginPatterns-java.util.List- + allowed_origin: + - '*' # logger: # error_format: 'ERROR - ${requestVerb} ${requestUrl}'