commit

5c4cea05 · Whispa · e713ccc3 · 5c4cea05 · 5c4cea05
--- a/src/main/java/com/example/afrishop_v3/security/SimpleCORSFilter.java
+++ b/src/main/java/com/example/afrishop_v3/security/SimpleCORSFilter.java
+package com.example.afrishop_v3.security;
+import java.io.IOException;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+
+@Component
+public class SimpleCORSFilter implements Filter {
+
+    private final Logger log = LoggerFactory.getLogger(SimpleCORSFilter.class);
+
+    public SimpleCORSFilter() {
+        log.info("SimpleCORSFilter init");
+    }
+
+    @Override
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
+
+        HttpServletRequest request = (HttpServletRequest) req;
+        HttpServletResponse response = (HttpServletResponse) res;
+
+        response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
+        response.setHeader("Access-Control-Allow-Credentials", "true");
+        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
+        response.setHeader("Access-Control-Max-Age", "3600");
+        response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");
+
+        chain.doFilter(req, res);
+    }
+
+    @Override
+    public void init(FilterConfig filterConfig) {
+    }
+
+    @Override
+    public void destroy() {
+    }
+
+}
--- a/src/main/java/com/example/afrishop_v3/security/WebSecurityConfig.java
+++ b/src/main/java/com/example/afrishop_v3/security/WebSecurityConfig.java
@@ -58,7 +58,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
-        http.cors().and().csrf().disable()
+        http.csrf().disable().cors().and()
                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests().antMatchers("/api/auth/**","/search/image/**", "/itemStation/**", "/startPage/**", "/goodsType/**", "/home/**", "/spider/**", "/store/**", "/shopify/**", "/community/**","/version/**").permitAll()