diff --git a/src/main/java/com/hiveops/aria/config/SecurityConfig.java b/src/main/java/com/hiveops/aria/config/SecurityConfig.java index 799e953..1229225 100644 --- a/src/main/java/com/hiveops/aria/config/SecurityConfig.java +++ b/src/main/java/com/hiveops/aria/config/SecurityConfig.java @@ -10,12 +10,6 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; -import org.springframework.web.cors.CorsConfiguration; -import org.springframework.web.cors.CorsConfigurationSource; -import org.springframework.web.cors.UrlBasedCorsConfigurationSource; - -import java.util.Arrays; -import java.util.List; @Configuration @EnableWebSecurity @@ -31,7 +25,7 @@ public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http - .cors(cors -> cors.configurationSource(corsConfigurationSource())) + .cors(AbstractHttpConfigurer::disable) .csrf(AbstractHttpConfigurer::disable) .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .authorizeHttpRequests(auth -> auth @@ -46,29 +40,4 @@ public class SecurityConfig { return http.build(); } - - @Bean - public CorsConfigurationSource corsConfigurationSource() { - CorsConfiguration config = new CorsConfiguration(); - - String originsEnv = System.getenv("CORS_ALLOWED_ORIGINS"); - if (originsEnv != null && !originsEnv.isBlank()) { - config.setAllowedOrigins(Arrays.asList(originsEnv.split(","))); - } else { - config.setAllowedOrigins(List.of( - "https://aria.bcos.cloud", - "https://portal.bcos.cloud", - "http://localhost:5181" - )); - } - - config.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS")); - config.setAllowedHeaders(List.of("Authorization", "Content-Type", "X-Requested-With", "X-Service-Secret")); - config.setAllowCredentials(true); - config.setMaxAge(3600L); - - UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); - source.registerCorsConfiguration("/**", config); - return source; - } }