From 772c4250e17a3049053859114891956fbdbdb21d Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 08:46:09 +0100
Subject: [PATCH] [1.2.x] Allow to enable cors with configuration (#49) (#52)

* feat: allow to enable cors with configuration

* feat: set list of string instead

(cherry picked from commit ac7e108bab0c0225165b401cc84a4ba3b33cb2f7)

Co-authored-by: f-necas <39771412+f-necas@users.noreply.github.com>
---
 .../api/ApiAutoConfiguration.java             | 19 ++++++++++++++++++-
 .../src/main/resources/application.yml        |  4 ++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/src/services/ogc-features/src/main/java/com/camptocamp/opendata/ogc/features/autoconfigure/api/ApiAutoConfiguration.java b/src/services/ogc-features/src/main/java/com/camptocamp/opendata/ogc/features/autoconfigure/api/ApiAutoConfiguration.java
index 6b930fd..4e62f2b 100644
--- a/src/services/ogc-features/src/main/java/com/camptocamp/opendata/ogc/features/autoconfigure/api/ApiAutoConfiguration.java
+++ b/src/services/ogc-features/src/main/java/com/camptocamp/opendata/ogc/features/autoconfigure/api/ApiAutoConfiguration.java
@@ -8,7 +8,10 @@
 import java.util.Enumeration;
 import java.util.List;
 
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Import;
@@ -55,6 +58,7 @@
  */
 @AutoConfiguration
 @Import(SpringDocConfiguration.class)
+@Slf4j
 public class ApiAutoConfiguration implements WebMvcConfigurer {
 
     @Bean
@@ -188,8 +192,21 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
         }
     }
 
+    @Value("${cors.allowed-origins:}")
+    private String[] allowedOrigins;
+
+    @Value("${cors.allowed-methods:*}")
+    private String[] allowedMethods;
+
+    @ConditionalOnProperty(name = "cors", havingValue = "true")
     @Override
     public void addCorsMappings(CorsRegistry registry) {
-        registry.addMapping("/**").allowedMethods("*");
+        if (allowedOrigins.length == 0) {
+            log.warn("CORS disabled");
+            return;
+        }
+        log.warn("CORS enabled for origins: " + Arrays.toString(allowedOrigins) + " methods: "
+                + Arrays.toString(allowedMethods));
+        registry.addMapping("/**").allowedMethods(allowedMethods).allowedOrigins(allowedOrigins);
     }
 }
diff --git a/src/services/ogc-features/src/main/resources/application.yml b/src/services/ogc-features/src/main/resources/application.yml
index 62e7079..3088e24 100644
--- a/src/services/ogc-features/src/main/resources/application.yml
+++ b/src/services/ogc-features/src/main/resources/application.yml
@@ -18,6 +18,10 @@ springdoc:
     #path: ${openapi.geoServerACL.base-path}/swagger-ui.html
     try-it-out-enabled: true
 
+#cors:
+#  allowed-origins: "*, https://localhost:8080"
+#  allowed-methods: GET, POST, PUT, DELETE, OPTIONS
+
 logging:
   level:
     root: info