Merge pull request #59 from georchestra/cors-csrf-activation-by-confi…
…guration

remove cors/csrf java code configuration, in favor of regular spring-cloud-gateway configuration
pmauduit authored Nov 2, 2023
2 parents f1e4393 + 5f16ad3 commit 9949d8b
Showing 2 changed files with 13 additions and 6 deletions.
Expand Up @@ -66,10 +66,6 @@ public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http,
List<ServerHttpSecurityCustomizer> customizers) throws Exception {

log.info("Initializing security filter chain...");
// disable csrf and cors or the websocket connection gets a 403 Forbidden.
// Revisit.
log.info("CSRF and CORS disabled. Revisit how they interfer with Websockets proxying.");
http.csrf().disable().cors().disable();

http.formLogin()
.authenticationFailureHandler(new ExtendedRedirectServerAuthenticationFailureHandler("login?error"))
15 changes: 13 additions & 2 deletions gateway/src/main/resources/application.yml
Expand Up @@ -10,12 +10,12 @@ server:
port: 8080
compression.enabled: true
# HTTP/2 is only supported over TLS (HTTPS)
# So we need to configure SSL if we want to support HTTP/2
# So we need to configure SSL if we want to support HTTP/2
http2.enabled: ${server.ssl.enabled}
ssl:
enabled: false
#TODO: configure SSL with a self-signed certificate

spring:
config:
import: optional:file:${georchestra.datadir}/default.properties,optional:file:${georchestra.datadir}/gateway/gateway.yaml,optional:file:${georchestra.datadir}/gateway/security.yaml
Expand All @@ -32,6 +32,17 @@ spring:
enabled: true
global-filter.websocket-routing.enabled: true
metrics.enabled: true
# Uncomment the following to allow cross-origin requests from any methods
# coming from anywhere.
# See https://docs.spring.io/spring-cloud-gateway/reference/spring-cloud-gateway/cors-configuration.html
# for more infos.
#globalcors:
# cors-configurations:
# '[/**]':
# allowedOrigins: "*"
# allowedHeaders: "*"
# allowedMethods: "*"

default-filters:
- SecureHeaders
- TokenRelay
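Review bot: The commented `globalcors` sample in the second hunk pairs `allowedOrigins: "*"`, `allowedHeaders: "*"` and `allowedMethods: "*"` on `'[/**]'`, so an operator who uncomments it as written accepts cross-origin requests from any site on every proxied route, and the lead-in comment does not say this is unsuitable for production. I would reword the lead-in to `# Development only: allows cross-origin requests from any origin, with any method and header, on every route.` and have the sample show an explicit origin such as `allowedOrigins: "https://<your-portal-host>"` (placeholder) together with a short method list. The commit description also mentions CSRF, but nothing in this file section configures it; with `http.csrf().disable()` removed from the Java file, Spring Security's default presumably applies, which is the state the removed comment associated with 403 responses on websocket connections. A comment stating where operators are expected to tune CSRF (perhaps the imported `security.yaml`, which is not visible here) would close that gap.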