Merge pull request #223 from hapifhir/pw/fixing-cors_again

FIXING CORS: changed CORS to allowed origin pattern

src/main/java/ca/uhn/fhir/jpa/starter/BaseJpaRestfulServer.java

@@ -280,7 +280,7 @@ public class BaseJpaRestfulServer extends RestfulServer {
       config.addAllowedHeader("X-Requested-With");
       config.addAllowedHeader("Prefer");
       List<String> allAllowedCORSOrigins = appProperties.getCors().getAllowed_origin();
-      allAllowedCORSOrigins.forEach(config::addAllowedOrigin);
+      allAllowedCORSOrigins.forEach(config::addAllowedOriginPattern);
 
 
       config.addExposedHeader("Location");

src/main/resources/application.yaml

@@ -82,12 +82,11 @@ hapi:
     #partitioning:
     #  allow_references_across_partitions: false
     #  partitioning_include_in_search_hashes: false
-    #cors:
+    cors:
-    #  allow_Credentials: true
+      allow_Credentials: true
-      # Supports multiple, comma separated allowed origin entries
+      # These are allowed_origin patterns, see: https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/cors/CorsConfiguration.html#setAllowedOriginPatterns-java.util.List-
-      # cors.allowed_origin=http://localhost:8080,https://localhost:8080,https://fhirtest.uhn.ca
+      allowed_origin:
-    #  allowed_origin:
+        - '*'
-    #    - '*'
 
 #    logger:
 #      error_format: 'ERROR - ${requestVerb} ${requestUrl}'